> Are there any other ways of protecting my server from > being overloaded (currently I sent the maxclients count to 75 which is almost > reached some times..)
There are no ways to protect it for all possible (and easily usable) cases. This is due to the one-connection-one-process model of Apache, which makes it trivially possible for an attacker to connect at 1 SYN per second, send half a request header (Apache patiently waiting for the rest), and go to sleep. Repeat until the max number of Apache processes is occupied waiting for request completion. If per-client-IP limits are active, use enough different client IPs (trivial with one hacked attacker machine in a network with otherwise unused IPs - you can simply take them over). There are (rate limiting) ways to protect against _some_ types of attack, as others will certainly show you, but be aware that they won't help against a knowledgeable attacker mounting something like the attack above. best regards Patrick
