Re: [users@httpd] My apache server attacked

[Jacky]

Thanks Yannik & Sander. I shall check out those modules. Shall reply for more if needed. Cheers !! Warm regards, Jacky Wong Sander Temme wrote: On Apr 23, 2007, at 2:31 AM, Jacky wrote: In our production environment, we have 2 apache servers firewalled to accept port 80 and 443 only. These apache servers will load balanced to 2 of our resin servlet container. Recently we checked from our logs and verified that there are certain unwelcomed individuals that did a mass posting to our apache servers causing our normal operations nearly to a halt. I would like to ask for advice from the experienced individuals from this mailing list, what you guys normally do to counter this? What we are doing right now is blocking them from firewall. Wish to get some suggestions from this list. Blocking attacks at the firewall is an excellent and very efficient approach, if the attacks come from only one or a few IP addresses. For distributed attacks, you might consider mod_dosevasive and/or mod_security http://www.modsecurity.org/ I'm not sure where the current home for dosevasive is. S. --Sander Temme [EMAIL PROTECTED] PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]