New Apache Module For Fending Off DoS Attacks
Network Dweebs Corporation writes "A new Apache DoS mod, called mod_dosevasive (short for dos evasive maneuvers) is now available for Apache 1.3. This new module gives Apache the ability to deny (403) web page retrieval from clients requesting more than one or two pages per second, and helps protect bandwidth and system resources in the event of a single-system or distributed request-based DoS attack. This freely distributable, open-source mod can be found at http://www.networkdweebs.com/stuff/security.html"
I'm sure they've thought of this, but will this affect frame pages where the browser requests multiple pages at the same time? How about scripting and stylesheet includes which are made as separate requests, usually right on the heels of the original page? I hope they've handled this. It seems like the number should be set higher. Maybe 10 requests a second is a better point. That's probably adjustable, though. I suppose I should RTFM.
THIS SPACE FOR RENT
http://www.donarmstrong.com
Here's a simple hack to your service: simply get 10 or so files from the server, and use your scripts to randomly fetch all 10... or 100, or 1000.
-- -- --
Help my mini cause: My journal
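Added example, not code from mod_dosevasive or from either poster above: a toy model in Python of the per-client request-rate rule the submission describes, used to play out the two concerns raised in this thread, a frame page whose sub-requests (frames, stylesheet, scripts) arrive within the same second, and the "fetch 10 or 100 different files" evasion. The details are assumptions chosen for illustration rather than the module's documented behaviour: a one-second sliding window, a per-URI count alongside a per-client site-wide count, the thresholds 2/s and 20/s, and the constructed traffic patterns.

```python
"""Toy model of the per-client request-rate rule described in the thread.

Added illustration, not code from mod_dosevasive or from any poster.
Assumptions (not taken from the module's documentation): requests are
counted in a one-second sliding window, once per URI per client and once
site-wide per client, and a client over either count gets a 403.
"""
from collections import defaultdict


class RateLimiter:
    """Decide 200/403 per request from (client IP, URI, time of request)."""

    def __init__(self, page_limit=2, site_limit=20, window=1.0):
        self.page_limit = page_limit    # max hits to the *same* URI per window
        self.site_limit = site_limit    # max hits to *any* URI per window
        self.window = window            # seconds
        self._page = defaultdict(list)  # (ip, uri) -> request timestamps
        self._site = defaultdict(list)  # ip -> request timestamps

    @staticmethod
    def _prune(bucket, now, window):
        # Forget timestamps older than the window; the list is edited in
        # place so the defaultdict entry keeps pointing at it.
        cutoff = now - window
        bucket[:] = [t for t in bucket if t > cutoff]

    def check(self, ip, uri, now):
        """Record the request and return 200 (serve) or 403 (deny)."""
        page = self._page[(ip, uri)]
        site = self._site[ip]
        self._prune(page, now, self.window)
        self._prune(site, now, self.window)
        page.append(now)
        site.append(now)
        if len(page) > self.page_limit or len(site) > self.site_limit:
            return 403
        return 200


# --- constructed traffic patterns (not captured from a real server) --------

FRAME_PAGE = ["/index.html", "/top.html", "/body.html",
              "/site.css", "/menu.js", "/logo.gif"]


def frame_page_load(limiter, ip, t0):
    """One browser loading a frameset: six distinct URIs 50 ms apart
    (the frames/scripts/stylesheets concern raised above)."""
    return [limiter.check(ip, uri, t0 + 0.05 * i)
            for i, uri in enumerate(FRAME_PAGE)]


def same_page_hammer(limiter, ip, t0, hits=10):
    """A script re-fetching the same page ten times in one second:
    the abuse the module is meant to stop."""
    return [limiter.check(ip, "/index.html", t0 + 0.1 * i) for i in range(hits)]


def many_file_flood(limiter, ip, t0, n_files=100, rate=50):
    """The evasion suggested above: mirror 100 files and fetch them
    round-robin (the post says randomly; round-robin keeps the result
    deterministic) at 50 requests/second, so no URI is hit twice."""
    return [limiter.check(ip, "/file%03d.html" % (i % n_files), t0 + i / rate)
            for i in range(rate)]


if __name__ == "__main__":
    # A bare per-client limit of 2 requests/second breaks the frame page...
    naive = RateLimiter(page_limit=10**9, site_limit=2)
    print("naive, frame page:", frame_page_load(naive, "10.0.0.1", 0.0))
    # ...while a per-URI limit of 2/s plus a site-wide 20/s lets it through.
    two_tier = RateLimiter(page_limit=2, site_limit=20)
    print("two-tier, frame page:", frame_page_load(two_tier, "10.0.0.1", 0.0))
    print("two-tier, same page x10:", same_page_hammer(two_tier, "10.0.0.2", 0.0))
    # Per-URI counting alone is blind to the many-file flood; only the
    # site-wide count catches it.
    page_only = RateLimiter(page_limit=2, site_limit=10**9)
    print("page-only, 100-file flood 403s:",
          many_file_flood(page_only, "10.0.0.3", 0.0).count(403))
    print("two-tier, 100-file flood 403s:",
          many_file_flood(two_tier, "10.0.0.3", 0.0).count(403))
```

The point the model makes: a single per-client threshold of "one or two pages per second" denies a legitimate frame page on its third sub-request, so a real deployment needs either a much higher site-wide threshold or a per-URI count for the low threshold; and once the low threshold is per-URI, the "fetch many different files" trick walks straight past it, which is why the higher site-wide count has to exist as well. Whether mod_dosevasive itself counts this way is something to confirm in its own documentation.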
A while back I wrote an Apache module similar to this one (mod_antihak), but it protected against CodeRed bandwidth consumption. It also had a slightly more brutal method of blocking offenders: ipchains :) There are inherent problems with this, though; the 403 would be the way I would go too if I did it all again.
I work as tech support for a webhosting company. I see things like this all the time. People tend to think it's impossible to block because it's not from any one specific IP address, but the requests are coming from all over. People need to learn the awesome power of mod_rewrite.
RewriteEngine on
# Any request whose Referer is bigguysite.com (or a subdomain of it, case-insensitive)
# gets a 403, whatever URI was asked for: [F] is Forbidden, "-" leaves the URI unchanged.
RewriteCond %{HTTP_REFERER} ^http://(.+\.)*bigguysite\.com/ [NC]
RewriteRule .* - [F]
I've also seen people who had bad domain names pointed at their IPs, where you can check HTTP_HOST. I've seen recursive download programs totally crush webservers; mod_rewrite can check HTTP_USER_AGENT for that. Of course, download programs could always change the specified user agent, which is I guess where this Apache module could come in handy. Good idea.