Re: Help Needed With DoS Attack

To: Aenn Seidhe Priest <sidhepriest@yandex.ru>
Cc: debian-user@lists.debian.org
Subject: Re: Help Needed With DoS Attack
From: Frank Hempel <lists@frankoni.net>
Date: Sun, 15 Jul 2007 16:56:04 +0200
Message-id: <[🔎] 469A3584.9060308@frankoni.net>
In-reply-to: <[🔎] 200707150751000608.00096F1D@smtp.yandex.ru>
References: <[🔎] 200707150751000608.00096F1D@smtp.yandex.ru>

Aenn Seidhe Priest schrieb:

Hello,

a webserver is under attack.

What's required is some kind of filtering software and a firewall that
could do the following:

pass only valid HTTP GET requests and block all other HTTP methods (PUT,
OPTIONS, CONNECT, etc.), possibly validate HTTP GET requests by matching to
local paths;
optionally disable HTTP 1.1 requests;
block excessively long URLs;
have an extensions whitelist/blacklist;

the firewall would have to have an option to auto-ban for flooding, and
restrict the simultaneous number of requests/connections from a single IP.

in case your webserver is an apache have you already checked outmod_evasive (http://www.zdziarski.com/projects/mod_evasive/). Haven'ttried it myself, but on their page they write: "mod_evasive is anevasive maneuvers module for Apache to provide evasive action in theevent of an HTTP DoS or DDoS attack or brute force attack"...


greets, frank.

Reply to:

Follow-Ups:
- Re: Help Needed With DoS Attack
  - From: "Aenn Seidhe Priest" <sidhepriest@yandex.ru>

References:
- Help Needed With DoS Attack
  - From: "Aenn Seidhe Priest" <sidhepriest@yandex.ru>

Prev by Date: Re: Lenny Install CD kernel version.
Next by Date: Re: Lenny Install CD kernel version.
Previous by thread: Re: Help Needed With DoS Attack
Next by thread: Re: Help Needed With DoS Attack
Index(es):
- Date
- Thread