Why is mod_limitipconn-0.23 in Ubuntu 8.04 not working
Jimmy Snell
jzsnell at gmail.com
Wed Jul 23 13:38:48 UTC 2008
Dear Markus,
On Thu, Jul 17, 2008 at 9:17 PM, Markus Schönhaber
<ubuntu-users at list-post.mks-mail.de> wrote:
> Jimmy Snell wrote:
>
>> BTW, I am not sure how Apache and its DSOs work internally. But I
>> wonder whether there is a way to achieve the result I expected (refuse
> >> new HTTP connections from the attacker's IP)? If it
> >> cannot be done inside Apache or its DSOs, maybe it can be done by adding
>> a rule to the system iptables?
>
> I don't know of a way using only the means of httpd, but yes, it can be
> done using netfilter's limit match. For an explanation see, for example,
> here:
> http://iptables-tutorial.frozentux.net/chunkyhtml/x2702.html#LIMITMATCH
Thank you for your reply.
I have checked this tutorial, and it seems that it cannot perform a
limitation on a per-IP basis.
BTW, I found another Apache module to cope with DDoS -
libapache2-mod-evasive, which has already been made as a package for
Hardy. I have tried this module out; however, I found that it does not seem
very useful when working together with the limitipconn module.
I asked this question in the mailing list because I could not find an
effective way to prevent a DDoS attack on my website. So, any
solutions tested by experienced webmasters are very much appreciated.
Thanks.
-
Jimmy