
Re: URI max hits limiting



2008/12/22 Bogdan <do.IT@i.ua>:
> Hi Wojciech,
>
> could you please post the solution you'll settle upon?
>
> I've got a single server being prepared for deployment as "shared hosting" service, and would like to minimize the effects of DoS attacks as well. So far I've configured mod_evasive, and it does prevent using "siege" (and probably "ab") as attack methods :)
>

As I wrote, I have a highly available clustered LVS solution with a
loadbalancer, and listing connections to my app servers puts many lines
like this on the screen:

tcp        0      0 loadbalancer00:80         app00:38415       TIME_WAIT  -

which means that HTTP connections are made to the loadbalancer.

I haven't tried this mod so far, but if mod_evasive is limiting
connections to one IP address simply by taking the address from the
TCP/IP header, I won't be able to limit it.

Without the loadbalancer it would print many connections to people
outside your network, so evasive would work.

Maybe I am wrong, but afaik mod_evasive does not look into the HTTP
request that (afaic) does not contain the client's IP address, thus
lighttpd cannot limit requests from one IP if the connections are from
the loadbalancer to the backend.

anyway Bogdan,
thanks for helping in the previous topic ;)

regards.

-- 
Wojciech Ziniewicz
Unix SEX :{look;gawk;find;sed;talk;grep;touch;finger;find;fl
ex;unzip;head;tail; mount;workbone;fsck;yes;gasp;fsck;more;yes;yes;eje
ct;umount;makeclean; zip;split;done;exit:xargs!!;)}
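
The concern raised in the message above, as an added example that is not part of the original post: a per-address hit limiter run over the same constructed traffic, once with the backend seeing each client's address and once with every connection arriving from `loadbalancer00`. `HitLimiter`, the thresholds and the client addresses are hypothetical stand-ins and do not reproduce mod_evasive's own logic.

```python
from collections import defaultdict, deque

class HitLimiter:
    """Sliding-window hit counter keyed by the TCP peer address the server sees.
    Hypothetical stand-in for a per-IP limiter, not mod_evasive's code."""
    def __init__(self, max_hits, window_ms):
        self.max_hits, self.window_ms = max_hits, window_ms
        self.hits = defaultdict(deque)

    def allow(self, peer, now_ms):
        q = self.hits[peer]
        while q and now_ms - q[0] >= self.window_ms:
            q.popleft()                      # drop hits that left the window
        if len(q) >= self.max_hits:
            return False                     # peer is over its limit
        q.append(now_ms)
        return True

def traffic():
    """Constructed sample: (time in ms, real client address)."""
    reqs = [(i * 50, "198.51.100.7") for i in range(20)]   # one noisy client
    for client in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        reqs += [(300, client), (800, client)]             # ordinary visitors
    return sorted(reqs)

def simulate(behind_lb, lb_addr="loadbalancer00"):
    """Return {real client: rejected requests} for one topology."""
    limiter = HitLimiter(max_hits=5, window_ms=1000)
    blocked = defaultdict(int)
    for now_ms, client in traffic():
        # Behind the balancer the backend's socket peer is the balancer itself.
        peer = lb_addr if behind_lb else client
        if not limiter.allow(peer, now_ms):
            blocked[client] += 1
    return dict(blocked)

if __name__ == "__main__":
    print("direct   :", simulate(behind_lb=False))
    print("behind LB:", simulate(behind_lb=True))
```

With the balancer in front, all requests share one counter, so once the noisy client has used up the limit the ordinary visitors are rejected as well.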

