Does Apache Configuration prevent DoS attack?

rawandnet
Dear All

Preventing DoS attacks on our Apache web server is the most difficult and challenging problem we have ever faced. I looked at different solutions on the website; they all recommend using IPTables to block such attacks. But I have come to the conclusion that IPTables has nothing to do with that. I have done a lot of configuration on IPTables and listened to many advanced but with no concrete result.

There must be another way to prevent DoS attacks. I don't know if Apache configuration can prevent such an attack.

Basically, I am getting hundreds of connections from a specific IP address, which drain the server's memory and kill it. What we are currently doing is blocking that IP range, which is not a solution.

If you believe this issue can be resolved from Apache, please let me know how to tweak the setting.  
We are a university, the web server we have is mainly for displaying information.  

I would really appreciate any advice.

Thanks in advance

Noah, Hardware Tester and Debugger

Commented:
Hi! This link will provide you with a backbone to what you are facing :)

 https://securityintelligence.com/defending-against-apache-web-server-ddos-attacks/

Author

Commented:
I have already installed mod_evasive to block the IP address that causes a problem. It does show that the IP has been blocked, and from the attacker's point of view it shows that this IP has been locked, but the attacker still continues and takes down the server.
Uwe Degenhardt, IT-Manager

Commented:
We are running Nginx as a reverse proxy for DDOS-attacks. If you really face DDOS it helps. At least for the small and medium attacks. If you are under heavy attack even this solution might not be enough.

Noah, Hardware Tester and Debugger

Commented:
I agree with @Uwe Degenhardt

It seems to me that it is highly likely that it is a highly evasive and highly concentrated attack. You may even need to hire a specialist who has experience resolving these types of issues and their accompanying complications on the server.
just a few notes :

there is no way in the world that any configuration local to the machine can efficiently prevent properly crafted DOS attacks since they will easily saturate the bandwidth BEFORE the server is even reached

in your case, since there is a single ip address, blocking that ip should be mildly efficient : it will actually prevent stuff such as slow loris and the likes. mod_evasive, fail2ban with a specially crafted config or simply limiting the number of allowed per-ip connections should help in this specific scenario. finding the attacker and suing them should be quite easy as well since there are high chances you are facing a script kiddie attacking you from his home. it is also fairly possible the attack is actually not intended : it may be accidentally produced by a misconfigured web crawler or test tool for example.

also note that apache is not performant in heavy load scenarios and is easily DOSed compared to other web servers. event-driven software such as nginx or lighttpd will both be more resilient and outperform apache by orders of magnitude.

best regards
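
Added example, not part of any post in this thread: a shell function that measures the pattern the asker describes (hundreds of connections from one address) from `ss -Htn` output, so a per-IP connection limit like the one suggested above can be set from observed numbers. The names `per_ip_conns` and `sample_conns`, the threshold of 100, and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads lines in `ss -Htn` layout
#   State Recv-Q Send-Q Local:Port Peer:Port
# and lists remote addresses holding more than LIMIT connections to
# the web ports. Live use: ss -Htn | per_ip_conns 100

per_ip_conns() {
    limit="${1:-100}"   # assumed threshold; tune to your normal traffic
    awk -v limit="$limit" '
        NF >= 5 {
            # Local port is whatever follows the last colon (IPv6-safe).
            n = split($4, l, ":")
            if (l[n] != 80 && l[n] != 443) next
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the peer port
            gsub(/[][]/, "", peer)      # drop IPv6 brackets
            total[peer]++
            if ($1 == "ESTAB") estab[peer]++
        }
        END {
            for (ip in total)
                if (total[ip] > limit)
                    printf "%s total=%d estab=%d\n", ip, total[ip], estab[ip]
        }
    ' | sort -t= -k2,2nr
}

# Constructed sample using documentation addresses, not real traffic.
sample_conns() {
    i=0
    while [ "$i" -lt 150 ]; do
        echo "ESTAB 0 0 192.0.2.10:80 203.0.113.7:$((40000 + i))"
        i=$((i + 1))
    done
    echo "ESTAB 0 0 192.0.2.10:443 198.51.100.4:50122"
    echo "TIME-WAIT 0 0 192.0.2.10:80 198.51.100.4:50123"
    echo "ESTAB 0 0 192.0.2.10:22 198.51.100.9:50200"
    echo "ESTAB 0 0 [2001:db8::10]:443 [2001:db8::99]:41000"
}

sample_conns | per_ip_conns 100
```

A source whose `estab` count stays high while the request log shows few completed requests from it is holding connections open rather than fetching pages.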

Author

Commented:
thanks
