>
> You using iptables? What rules did you end up using to accomplish this?
>
Using OpenBSD's Packet Filter. It's not perfect; I have to set the
connection limit quite high (at 36) because the connection state stays
in the firewall for about a minute even during the FIN_WAIT_2 stage.
Here are my
> add Operating System wide firewall rules to
> disallow more than N number of concurrent TCP connections to port 80
> from a single IP address.
You using iptables? What rules did you end up using to accomplish this?
> Isn't it difficult to configure it based on IP because:
>
> 1. IP could be of proxy server
> 2. IP could be of ISP
>
> Would that lead into good requests being denied?
Sometimes, yes, but mostly, no.
Isn't it difficult to configure it based on IP because:
1. IP could be of proxy server
2. IP could be of ISP
Would that lead into good requests being denied?
On Sun, Apr 4, 2010 at 11:16 AM, Nerius Landys wrote:
> Guys, I think I'll just add Operating System wide firewall rules to
> disallow mor
Guys, I think I'll just add Operating System wide firewall rules to
disallow more than N number of concurrent TCP connections to port 80
from a single IP address.
-
The official User-To-User support forum of the Apache HTTP Server
On 4 Apr 2010, at 07:03, Morgan Gangwere wrote:
> On a note, someone posted about Slowloris and Apache:
> http://bahumbug.wordpress.com/2009/06/21/slowloris/
FWIW, that's been overtaken by events. I wrote mod_noloris shortly after
that blog entry. That too has been overtaken, and nowadays I'd
On 4/3/2010, lots of people chimed in saying things.
Around 00:03 [-7GMT], Morgan Gangwere chimed in to say:
I'd suggest either turning on Syn Cookies, getting mpm_worker running,
or not really worrying about it. mpm_worker so far for me has been able
to avoid the Slowloris attack on a 50Mhz AR
It was thus said that the Great Nerius Landys once stated:
> > This is called 'slow loris' attack. That'll give you something to Google for
> > :)
>
> Thank you so much for the help guys.
>
> I did Google "slowloris" and I did indeed find much information. In
> fact, the program I wrote from scr
On Sat, Apr 3, 2010 at 9:09 PM, Nerius Landys wrote:
>> if (ip_count > conf->limit) {
>>     ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
>>                  "Rejected, too many connections in READ state from %s",
>>                  c->remote_ip);
>>     return OK;
>> } else {
>>     return DECLINED;
>> }
I'd
> if (ip_count > conf->limit) {
>     ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
>                  "Rejected, too many connections in READ state from %s",
>                  c->remote_ip);
>     return OK;
> } else {
>     return DECLINED;
> }
I figured out what OK and DECLINED mean. In httpd.h:
#define DE
> This is called 'slow loris' attack. That'll give you something to Google for
> :)
Thank you so much for the help guys.
I did Google "slowloris" and I did indeed find much information. In
fact, the program I wrote from scratch does the exact attack described
on the slowloris Wikipedia page.
An