A Few Tips for Protecting Apache Web Server Against DoS Attacks


Introduction to web server DoS attacks

When people talk about DDoS, they usually mean a DoS attack aimed at the web server, and this falls under Apache security.

The first thing to keep in mind is to update Apache to the latest version and keep the latest modules installed, so that you are not attacked through known exploits just because your software is out of date.

You should also do a little optimization of Apache, because by default it is configured to be able to run on any kind of server. I have also introduced some firewalls that can detect IP addresses that have too many connections and will block them for a specific amount of time that you configure.

Lower The Apache Timeout

The Timeout directive must be set to a lower number than the predefined value "300", either on the whole server or on the websites that are subject to DoS attack.

Lower The Apache KeepAliveTimeout

The KeepAliveTimeout directive also has to be set to a lower number, either on the sites that are subject to DoS attack or on the whole server.

Turn Off Apache KeepAlive

For better performance if your server is not powerful, and also to defend Apache against DoS attack, KeepAlive can be set to Off.

Lower Apache MaxClients

If your server has little RAM, an attacker can consume all of it, which results in a load so high that the only way out is a reboot. In that case you must lower the value of MaxClients.

Install a Firewall

Install a firewall to limit the connections of each IP to, let's say, 200. In that case, if one IP's connections exceed that number, the result will be a ban of that connection for a period of time.

Install CSF (ConfigServer Security & Firewall) & LFD

For Linux servers, especially CentOS Linux servers, which I have personally tested and which were great servers, you can install CSF (ConfigServer Security & Firewall) and then enable CT_LIMIT and configure it with the desired maximum number of connections that each IP can have open on your server.

Install DOS_DEFLATE

You can also install dos_deflate, which I do not suggest, because it counts all connections on all ports and will produce false positives if a person uses FTP, which is connection-hungry. But you can do some optimization on it so that it counts only port 80.
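The per-IP limit from the firewall section and the port-80-only counting described above can be checked by hand with the following sketch. It is an added example, not code from dos_deflate or CSF; the function names, the sample addresses (documentation ranges) and the `any` port keyword are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-IP connection counts from `netstat -ntu` style output.
# Live use on a server (limit 200 as in the text): netstat -ntu | over_limit 200 80

# Constructed sample: one busy web client, one FTP user with a single web hit.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.5:40000       ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.5:40001       ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.5:40002       ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.5:40003       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40004       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.9:52000      TIME_WAIT
tcp        0      0 192.0.2.10:8080         198.51.100.7:51003      ESTABLISHED
EOF
}

# Reads netstat output on stdin and prints "count ip", highest first, for every
# remote IP with more than $1 TCP connections to local port $2 (default 80).
# Passing "any" as the port counts every port, which is the behaviour the text
# warns about.
over_limit() {
  limit=$1; port=${2:-80}
  awk -v limit="$limit" -v port="$port" '
    $1 ~ /^tcp/ {
      n = split($4, l, ":")                      # last field is the local port
      if (port != "any" && (l[n] "") != (port "")) next
      ip = $5; sub(/:[0-9]+$/, "", ip)           # drop the remote port
      count[ip]++
    }
    END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
  ' | sort -rn
}
```

With a limit of 2, the constructed sample flags only 198.51.100.7 on port 80, while counting every port also flags the FTP user 203.0.113.5, which is the false positive described above.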

Posted by voshka @ 25 June 2010
