>> ModSecurity looks good and I think it works with nginx as well as >> apache. Is everyone who isn't running OSSEC HIDS or ModSecurity >> vulnerable to a single client requesting too many pages and >> interrupting the service? > > Not everyone, no. There are other alternatives such as mod_limitipconn > and mod_reqtimeout to help with such problems as well.
mod_limitipconn sounded like the perfect solution until I started thinking about how many people use the same IP address in some environments like university campuses. I could end up creating a lot more problems than I solve. Does ModSecurity have the same potential downside? Would mod_remoteip prevent this? Is mod_reqtimeout a better solution? I found the following config recommended online within the context of Slowloris attack mitigation: RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 Will that do anything to prevent someone from opening too many connections and interrupting the apache service? - Grant --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
