
Bug#533661: Use iptables



At the moment, the best defense is using iptables connlimit with a 
reasonable maximum number of connections per IP (like 1/5 or 1/10 of 
what your server can handle). This will give you good protection from 
single attacking hosts. When the attacker has many hosts (i.e. a 
botnet) you have lost anyway.

If you can't use iptables (e.g. if you only have some vserver), there 
is libapache2-mod-antiloris in Debian unstable and testing. The 
package should work in stable and oldstable, too. Mod_antiloris may be 
better than nothing, but the slowloris script can be easily modified 
to circumvent mod_antiloris.
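
The connlimit approach described above, as an added example that is not part of the original message: it derives a per-IP cap from the server's capacity, prints the matching iptables rule without applying it, and lists peers already above the cap from `ss -tn` output. The function names, the capacity of 150, port 80 and the sample `ss` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Prints a rule; applies nothing.

# per_ip_limit CAPACITY DIVISOR
# The message suggests 1/5 or 1/10 of what the server can handle; floor at 1.
per_ip_limit() {
    limit=$(( $1 / $2 ))
    if [ "$limit" -lt 1 ]; then limit=1; fi
    echo "$limit"
}

# connlimit_rule PORT LIMIT
# New connections (SYN) from a source that already holds more than LIMIT
# connections to PORT are reset. --connlimit-mask 32 counts per IPv4 address.
connlimit_rule() {
    echo "iptables -A INPUT -p tcp --syn --dport $1 -m connlimit" \
         "--connlimit-above $2 --connlimit-mask 32" \
         "-j REJECT --reject-with tcp-reset"
}

# over_limit PORT LIMIT  (reads `ss -tn` output on stdin)
# Lists peers holding more than LIMIT established connections to local PORT.
over_limit() {
    awk -v port="$1" -v max="$2" '
        $1 == "ESTAB" && $4 ~ (":" port "$") {
            peer = $5; sub(/:[0-9]+$/, "", peer); n[peer]++
        }
        END { for (p in n) if (n[p] > max) print p, n[p] }' | sort
}

# Constructed sample values: capacity 150 (assumed worker limit), port 80.
CAPACITY=150
LIMIT=$(per_ip_limit "$CAPACITY" 10)
connlimit_rule 80 "$LIMIT"

# Constructed `ss -tn` sample using documentation address ranges.
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.0.2.10:80 198.51.100.7:51514
ESTAB 0 0 192.0.2.10:80 198.51.100.7:51515
ESTAB 0 0 192.0.2.10:80 198.51.100.7:51516
ESTAB 0 0 192.0.2.10:22 198.51.100.7:40022
ESTAB 0 0 192.0.2.10:80 203.0.113.9:33001'
printf '%s\n' "$SAMPLE_SS" | over_limit 80 2
```

Many clients behind one NAT address share a single counter, so check the cap against legitimate proxies or gateways before loading the rule.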


