[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian on HP proliant

I am exposing another machine as http mirror, and am trying to secure it.
Done with iptables.
configured portsentry to auto-block portscans.

How to block TRACE in apache?
I believe you do it with rewriting rule like such, but does not work.
<IfModule mod_rewrite.c>
#security changes
RewriteRule .* - [F]

How to restrict ALL product information?
I want to leak no webserver/os information, I've already configured:

ServerTokens ProductOnly

Anyone have a rule to restrict this via mod_rewrite or similar?

I have also been trying to prevent DOS attacks.
I used mod_throttle on the webserver but it had severe performance
problems. It just slowed the webserver down drastically.

What iptable rules or scripts, have you used to prevent DOS on the webserver?
I would be very interested in hearing how others do this.

For example last week I was being trawled by 20 bots from one of the
search engines. If I had an iptables throttle on simultaneous connections
or similar I would not have had problems.

6 weeks ago I had a user publish a movie file that maxed out my webserver
at 256 simultaneous connections and was using 40 megs of traffic a second.
This used up 2/3rds of our network bandwidth, and prevented anyone else
from viewing webpages on our webserver.
Our webserver kept working...joy joy.
Any ideas on how to prevent this particular DOS?
An scripts you use?
--Luke CS Sysadmin, Montana State University-Bozeman

Reply to: