Neelesh Gurjar neel.hjs@gmail.com wrote:
Hi, I have a web server which has CentOS Linux 2.6.18-028stab059.6-ent kernel and Apache 1.3.37 running on it.
2 days back I got a script to test a DoS attack on a website. It is called slowloris.pl from http://ha.ckers.org/slowloris/
I ran that script against my server and it worked. It stopped my website for some time. At that time all other services like SSH were working fine.
Can anybody suggest any configuration changes at the Apache and OS/kernel level to prevent this type of attack?
Currently I am using the following settings:
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0
Then Kernel settings are like:
tcp_keepalive_time 7200
tcp_keepalive_time 9
tcp_keepalive_intvl 75
tcp_syn_retries 5
tcp_synack_retries 5
tcp_fin_timeout 60
mod_evasive, formerly known as mod_dosevasive, is an Apache module that provides evasive action in the event of an HTTP DoS or DDoS (Denial of Service) attack or brute force attack at the web server. When possible attacks are detected, mod_evasive will block the traffic from the source for a specific duration of time, while reporting abuses via email and syslog facilities. Or administrators can configure mod_evasive to talk to iptables, ipchains, firewalls, routers, etc. to build a comprehensive DDoS prevention system for a high-traffic busy web server. Else, for Apache 1.3.x,
....
Thanks very much Sameep for all this information.
Regards Neelesh
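
Added example, not part of the thread and not code from any poster or from mod_evasive: a small check an administrator could run over `netstat -ant` output to see whether one source is holding a large share of the 150 MaxClients slots quoted above, which is what a single-host slowloris run looks like from the server side. The 50% threshold, the function names and the sample addresses (documentation ranges) are assumptions made for the illustration.

```python
from collections import Counter

MAX_CLIENTS = 150      # MaxClients value quoted in the post
ALERT_FRACTION = 0.5   # assumed threshold: one source holding half the worker slots


def web_connections(netstat_text, port=80):
    """Yield (remote_ip, state) for each TCP socket on the local web port."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header or non-TCP line
        local, remote, state = fields[3], fields[4], fields[5]
        if local.rsplit(":", 1)[-1] == str(port):
            yield remote.rsplit(":", 1)[0], state


def heavy_sources(netstat_text, max_clients=MAX_CLIENTS, fraction=ALERT_FRACTION):
    """Return {ip: count} for sources holding >= fraction of MaxClients open."""
    counts = Counter(ip for ip, state in web_connections(netstat_text)
                     if state == "ESTABLISHED")
    limit = max_clients * fraction
    return {ip: n for ip, n in counts.items() if n >= limit}


def build_sample():
    """Constructed `netstat -ant` output (documentation-range addresses)."""
    row = "tcp        0      0 {}  {}  {}"
    lines = ["Proto Recv-Q Send-Q Local Address  Foreign Address  State",
             row.format("0.0.0.0:80", "0.0.0.0:*", "LISTEN"),
             row.format("192.0.2.10:22", "203.0.113.7:51000", "ESTABLISHED")]
    lines += [row.format("192.0.2.10:80", "203.0.113.7:%d" % (40000 + i), "ESTABLISHED")
              for i in range(80)]
    lines += [row.format("192.0.2.10:80", "198.51.100.20:%d" % (52000 + i), "ESTABLISHED")
              for i in range(3)]
    return "\n".join(lines)


if __name__ == "__main__":
    for ip, n in sorted(heavy_sources(build_sample()).items()):
        print("%s holds %d of %d slots" % (ip, n, MAX_CLIENTS))
```

On a live server the input would be the text of `netstat -ant` instead of build_sample(); the SSH socket and the LISTEN socket in the sample are there to show that only established port-80 connections are counted.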