There are other ways to rotate Apache logs, too. For example, on my FreeBSD
systems, there is something called newsyslog present at the operating system
level. There is a file named /etc/newsyslog.conf that has the following
lines on my system (I edited the file and added these lines):
#
According to the php manual, apache should be configured to parse php, e.g.:
<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>
Apparently this should be part of the addtype directive. I don't
understand which file I am to edit and add the code shown above. Can
somebody
Posted to users@ (as well as dev@) in case anyone wants to
report experiences - good or bad - on using it.
I have tried using various Apache modules to address possibilities of
Slowloris attacks. Finally, after not being satisfied with what
existing modules had to offer, I ended up using
You using iptables? What rules did you end up using to accomplish this?
Using OpenBSD's Packet Filter. It's not perfect; I have to set the
connection limit quite high (at 36) because the connection state stays
in the firewall for about a minute even during the FIN_WAIT_2 stage.
Here are my
Guys, I think I'll just add Operating System wide firewall rules to
disallow more than N number of concurrent TCP connections to port 80
from a single IP address.
-
The official User-To-User support forum of the Apache HTTP
Isn't it difficult to configure it based on IP because:
1. IP could be of a proxy server
2. IP could be of an ISP
Would that lead to good requests being denied?
Sometimes, yes, but mostly, no.
This is called a 'slow loris' attack. That'll give you something to Google for :)
Thank you so much for the help guys.
I did Google slowloris and I did indeed find much information. In
fact, the program I wrote from scratch does the exact attack described
on the slowloris Wikipedia page.
if (ip_count > conf->limit) {
    ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
                 "Rejected, too many connections in READ state from %s",
                 c->remote_ip);
    return OK;
} else {
    return DECLINED;
}
I figured out what OK and DECLINED mean. In httpd.h:
#define DECLINED -1
On Sat, Apr 3, 2010 at 9:09 PM, Nerius Landys nlan...@gmail.com wrote:
if (ip_count > conf->limit) {
    ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
                 "Rejected, too many connections in READ state from %s",
                 c->remote_ip);
    return OK;
} else {
    return DECLINED;
}
I'd