
New Apache Module For Fending Off DoS Attacks

Network Dweebs Corporation writes "A new Apache DoS mod, called mod_dosevasive (short for dos evasive maneuvers) is now available for Apache 1.3. This new module gives Apache the ability to deny (403) web page retrieval from clients requesting more than one or two pages per second, and helps protect bandwidth and system resources in the event of a single-system or distributed request-based DoS attack. This freely distributable, open-source mod can be found at http://www.networkdweebs.com/stuff/security.html"
  • A possible problem? (Score:3, Interesting)

    by n-baxley ( 103975 ) <nate@NosPAm.baxleys.org> on Wednesday October 30, 2002 @10:12AM (#4563793) Homepage Journal
    I'm sure they've thought of this, but will this affect frame pages where the browser requests multiple pages at the same time? How about scripting and stylesheet includes which are made as separate requests, usually right on the heels of the original page? I hope they've handled this. It seems like the number should be set higher. Maybe 10 requests a second is a better point. That's probably adjustable though. I suppose I should RTFM.
  • by dondelelcaro ( 81997 ) <don@donarmstrong.com> on Wednesday October 30, 2002 @12:38PM (#4565033) Homepage Journal
    The much higher traffic competitor had a bunch of 1 pixel by 1 pixel frames and each one loaded a copy of the little guy's site. The effect was he was using his own users to DoS his competition.
    One wonders why he didn't just use some javascript to break out of the frame jail, and then explain that users had been redirected to foo because bar was loading foo's pages? [Granted, it would have been caught eventually, but for the time being, legitimate traffic might win you a few customers...]
  • by hfastedge ( 542013 ) on Wednesday October 30, 2002 @01:10PM (#4565340) Homepage Journal
    Here's a simple hack to your service: simply get 10 or so files from the server, and use your scripts to randomly fetch all 10...or 100, or 1000.
  • by Anonymous Coward on Wednesday October 30, 2002 @08:48PM (#4569812)
    A while back I wrote an Apache module similar to this one (mod_antihak), but it protected against CodeRed bandwidth consumption. It also had a slightly more brutal method of blocking offenders: ipchains :) There are inherent problems with this though; the 403 would be the way I would go too if I did it all again.
  • simple (Score:2, Interesting)

    by krappie ( 172561 ) on Friday November 08, 2002 @08:51PM (#4629950)
    I work as tech support for a webhosting company. I see things like this all the time. People tend to think it's impossible to block because it's not from any one specific IP address, but the requests are coming from all over. People need to learn the awesome power of mod_rewrite.

    # Refuse (403 Forbidden) any request whose Referer is on the offending site
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} ^http://(.+\.)*bigguysite\.com/ [NC]
    RewriteRule .* - [F]

    I've also seen people who had bad domain names pointed at their IPs, where you can check the HTTP_HOST. I've seen recursive download programs totally crush webservers; mod_rewrite can check the HTTP_USER_AGENT for that. Of course, download programs could always change the specified user agent, which is I guess where this Apache module could come in handy. Good idea..
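
The threshold question raised in the thread (a limit of one or two requests per second versus something like 10), as an added example that is not part of the discussion and is not mod_dosevasive's own code. It is a Python sketch of a per-IP sliding-window limit run over constructed log entries; `max_hits`, `window`, `block_for` and the addresses are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Constructed sample (seconds, client IP, path); not real traffic.
# 192.0.2.10 loads one framed page plus its includes, then a second page.
# 198.51.100.7 requests the same page 50 times in one second.
SAMPLE = [
    (0.00, "192.0.2.10", "/index.html"),
    (0.05, "192.0.2.10", "/style.css"),
    (0.06, "192.0.2.10", "/menu.js"),
    (0.08, "192.0.2.10", "/frame_left.html"),
    (0.09, "192.0.2.10", "/frame_main.html"),
    (5.00, "192.0.2.10", "/about.html"),
] + [(10.0 + i * 0.02, "198.51.100.7", "/index.html") for i in range(50)]


def simulate(requests, max_hits, window=1.0, block_for=10.0):
    """Return {ip: number of 403 responses} for a per-IP sliding-window limit.

    max_hits, window and block_for are hypothetical tunables for this sketch,
    not mod_dosevasive directive names.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked_until = {}            # ip -> time the temporary block expires
    denied = defaultdict(int)     # ip -> count of 403 responses
    for ts, ip, _path in sorted(requests):
        if blocked_until.get(ip, 0.0) > ts:
            denied[ip] += 1       # client is still blocked: answer 403
            continue
        hits = recent[ip]
        while hits and ts - hits[0] >= window:
            hits.popleft()        # forget requests older than the window
        hits.append(ts)
        if len(hits) > max_hits:
            blocked_until[ip] = ts + block_for
            denied[ip] += 1       # the request that crossed the limit gets 403
    return dict(denied)


if __name__ == "__main__":
    for limit in (2, 10):
        print(limit, simulate(SAMPLE, max_hits=limit))
```

With a limit of 2 the ordinary framed page load is denied along with the flood; with a limit of 10 only the flooding address is denied.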
