Apache protection against attacks of nowadays
Posted by komi, 03-23-2011, 06:36 PM |
I have been running nginx on one server, and I did not have any problems with attacks so far.
However, I would like to know how to protect Apache from those attacks, because nginx is not an option in some cases.
I recently noticed my Apache server was vulnerable to Slowloris attacks, so I installed mod_antiloris and it sort of fixed it.
Now when I launch a Slowloris attack from one of my other servers, the website will load for about 10 seconds before it serves the page. After that everything is served instantly. Is there any way to prevent this from happening?
What other modules do I need besides mod_antiloris to be protected against attacks of nowadays?
I understood mod_security was an all-in-one solution. However, I just tried it and my Apache server was still vulnerable to Slowloris attacks.
1) Please do not post "You cannot do anything about a real DDoS", because I already know that. All I ask for are fixes to Apache's vulnerabilities.
2) Yes I did Google and search around before posting, and I only found old posts or solutions to only one specific kind of attack.
|
Posted by asciiDigital, 03-23-2011, 07:07 PM |
What version of Apache are you running? Is there anything showing up in the error_log?
|
Posted by komi, 03-23-2011, 07:31 PM |
I am running the latest version of Apache and everything related. It is not an attack that is currently going on. I only want to know what you guys are using to protect your Apache server from all of these attacks.
|
Posted by speckl, 03-23-2011, 07:35 PM |
Choosing the best MPM type for your needs really helps as well.
Prefork cannot handle as much as worker, and worker isn't as optimized as event.
|
Posted by HSN-Saman, 03-23-2011, 07:39 PM |
I would prefer to use CSF and limit connections per IP instead of adding extra modules to Apache and making it heavy!
Apache by default needs really high memory.
As for high DDoS attacks, web servers won't help you anyway!
You should use a hardware firewall and load-balanced or failover servers
if you want to be always available.
|
Posted by komi, 03-23-2011, 07:41 PM |
Thanks for the suggestion. I will look deeper into this.
|
Posted by HSN-Saman, 03-23-2011, 07:49 PM |
1 vote for MPM Event
* Research MPM Event before you install it
|
Posted by komi, 03-23-2011, 07:51 PM |
I have tried a small extension for APF before that limited connections per IP, and as a result I received reports of users who got innocently blocked.
How could a hardware firewall help when it is a vulnerability in Apache itself?
|
Posted by HSN-Saman, 03-23-2011, 07:53 PM |
Can you explain what vulnerability Apache has?
|
Posted by komi, 03-23-2011, 07:55 PM |
Slowloris for example, see my first post.
|
Posted by HSN-Saman, 03-23-2011, 07:59 PM |
I tried Slowloris on nginx and LiteSpeed too;
both of them go down.
LiteSpeed has a connection limit per IP by default;
if you do the same for Apache it would really help you.
Install CSF and configure it as well.
Limit connections according to your requirements (100~275 would be fine).
You should work on software first, then, to be tougher, use a hardware firewall.
If you set good rules for your hardware firewall, it could block many attacks (especially floods).
|
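The posts above suggest a per-IP connection limit (100~275) and also report innocent users being blocked by one. As an added example that is not part of the thread, this script counts established connections per peer so the effect of a limit can be checked before it is enforced. It assumes Linux `ss -tn` output; the function names `over_limit`, `emit` and `sample_ss` are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Live use (assumes Linux iproute2):  ss -tn | over_limit 80 100

# Print "count peer" for every peer holding >= LIMIT established
# connections to local PORT, busiest first. Reads `ss -tn` text on stdin.
over_limit() {
    awk -v port="$1" -v limit="$2" '
        $1 == "ESTAB" {
            lport = $4; peer = $5
            sub(/^.*:/, "", lport)       # local port follows the last colon
            if (lport != port) next
            sub(/:[0-9]+$/, "", peer)    # drop the peer port
            sub(/^\[/, "", peer)         # drop IPv6 brackets
            sub(/\]$/, "", peer)
            sub(/^::ffff:/, "", peer)    # count IPv4-mapped peers as IPv4
            count[peer]++
        }
        END { for (p in count) if (count[p] >= limit) print count[p], p }
    ' | sort -rn
}

# Emit N constructed ESTAB lines for one local/peer address pair.
emit() {
    n=0
    while [ "$n" -lt "$1" ]; do
        echo "ESTAB 0 0 $2 $3:$((40000 + n))"
        n=$((n + 1))
    done
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_ss() {
    echo "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
    emit 120 203.0.113.10:80 198.51.100.7                        # holds many connections
    emit 101 '[::ffff:203.0.113.10]:80' '[::ffff:198.51.100.9]'  # same, via dual-stack socket
    emit 5   203.0.113.10:80 192.0.2.44                          # ordinary visitor
    emit 150 203.0.113.10:22 192.0.2.200                         # other port, ignored for port 80
}

sample_ss | over_limit 80 100
```

A peer listed here may be many users behind one shared address, so review the counts against known proxies or gateways before turning the limit into a block rule.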
Posted by omega36, 03-24-2011, 02:07 AM |
For general attacks I would recommend mod_security, otherwise, check this serverfault post about defending your webserver against Slowloris - seems like there is some useful information there.
|
Posted by komi, 06-14-2011, 09:37 AM |
Sorry for being a bit inactive, thanks for the suggestions.
This is probably something you should check out guys:
https://github.com/vigeek/ddoSutil
|