Does Apache Configuration prevent DoS attach?

Dear All

Preventing DoS attack on our Apache Web server is the most difficult and challenging problems we have ever faced.  I looked at different solutions on the website, they are all recommending to use IPTable to block such attack.  But I have come to a conclusion that IPTables has nothing to do with that.  I have done a lot of configuration on IPTables and listened to many advanced but with no concrete result.

There must be another way to prevent DoS attack.  I don't know if Apache configuration can prevent such attach.

Basically, I am getting hundreds of connection from a specific IP address, which drained out the server memory and kills it.  The current situation we are doing is to block that IP range.  which is not a solution.

If you believe this issue can be resolved from Apache, please let me know how to tweak the setting.  
We are a university, the web server we have is mainly for displaying information.  

I would really appreciate any advice.

Thanks in advance
rawandnetAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

An Average Forum Participant Just For FunHardware Tester and DebuggerCommented:
Hi! This link will provide you with a backbone to what you are facing :)

 https://securityintelligence.com/defending-against-apache-web-server-ddos-attacks/
0
rawandnetAuthor Commented:
I have already installed mod_evasive to block IP address that causes a problem.  it does show that the IP has been blocked but the attacker and it shows from the attacker's point of view that this I been lock but still continue and take down the server.
0
Uwe DegenhardtIT-ManagerCommented:
We are running Nginx as a reverse proxy for DDOS-attacks. If you really face DDOS it helps. At least for the small and medium attacks. If you are under heavy attack even this solution might not be enough.
1
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

An Average Forum Participant Just For FunHardware Tester and DebuggerCommented:
I agree with @Uwe Degenhardt

It seems to me that it is highly likely that it is highly evasive and highly concentrated attack. You may even need to hire a specialist who has experience resolving these types of issues and their accompanied complications on the server.
0
skullnobrainsCommented:
just a few notes :

there is no way in the world that any configuration local to the machine can efficiently prevent properly crafted DOS attacks since they will easily saturate the bandwidth BEFORE the server is even reached

in your case, since there is a single ip address, blocking that ip should be mildly efficient : it will actually prevent stuff such as slow loris and the likes. mod_evasive, failtoban with a specially crafted config or simply limiting the number of allowed per-ip connection should help in this specific scenario. finding the attacker and suing them should be quite easy as well since there are high chances you are facing a script kiddie attacking you from his home. it is also fairly possible the attack is actually not intended : it may be accidentally produced by a misconfigured web crawler or test tool for example.

also note that apache is neither performant in heavy load scenaris and easily DOSed compared to other web servers. event-driven software such as nginx or lighttpd will both be more resilient and outperform apache by orders of magnitude.

best regards
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rawandnetAuthor Commented:
thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
attack

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.