I'm getting a flood of a few Mbps. The problem is it's taking my Apache down every time.
I currently have installed and configured:
Custom /etc/sysctl.conf from here: sph1.net/sysctl-tuner.sh
My problem is that my Apache goes down every time there is a DDoS. I basically need tweaks that will allow my Apache to stay up, like the MaxClients option in httpd.conf, max open files and so on. Any other protection at the Apache level would be appreciated.
This kind of attack just opens a connection to Apache but doesn't do anything. When most Apache processes are connected with an attacker, almost nobody can access the server anymore. /server-status/ (if you can open it) will always show the same URL with many different IPs, which means that it is a slow-loris attack.
Combined with an optimized amount of max processes, this should solve the problem. It's a rough guess, but on average I'm right with this.
If that doesn't work you would likely need to look at getting a server behind mitigation or adding some form of remote protection. The issue is that this sort of attack is not easily blocked with any method on the server-side without complex scripting or just tons of resources.
Another option is switching to something like LiteSpeed or nginx which can handle it a bit better. Specifically bursts and hung connections, which Apache will fold over time with. Best of luck!
It could very well be the slowloris attack as mentioned above. Even the latest version of Apache is vulnerable to this as far as I know. The only method I know for sure to block it is to use a reverse proxy server in front of Apache.
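One way to confirm the symptom described in this thread (workers held by connections that never finish sending a request), as an added example that is not from any poster: it parses the machine-readable mod_status output (`/server-status?auto`) and flags when most workers sit in the `R` (reading request) state with almost none idle. The sample status text and both thresholds are constructed assumptions.

```python
"""Flag worker exhaustion by stalled requests from Apache mod_status '?auto' output."""
from collections import Counter

# Constructed samples of /server-status?auto output (not captured from a real server).
# Scoreboard keys: R = reading request, W = sending reply, K = keepalive,
# _ = waiting for connection (idle), . = open slot with no process.
SAMPLE_UNDER_ATTACK = (
    "BusyWorkers: 148\nIdleWorkers: 2\n"
    "Scoreboard: " + "R" * 140 + "W" * 6 + "K" * 2 + "_" * 2 + "\n"
)
SAMPLE_HEALTHY = (
    "BusyWorkers: 25\nIdleWorkers: 120\n"
    "Scoreboard: " + "_" * 120 + "W" * 12 + "K" * 10 + "R" * 3 + "." * 5 + "\n"
)


def parse_scoreboard(status_text):
    """Return a Counter of worker states taken from the 'Scoreboard:' line."""
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Scoreboard":
            return Counter(value.strip())
    raise ValueError("no Scoreboard line; is mod_status enabled and ?auto used?")


def assess(status_text, reading_ratio=0.7, max_idle_ratio=0.05):
    """Summarise worker states; thresholds are assumptions to tune per server."""
    counts = parse_scoreboard(status_text)
    # Open slots ('.') have no process behind them, so leave them out of the total.
    workers = sum(n for state, n in counts.items() if state != ".")
    if workers == 0:
        raise ValueError("scoreboard contains no worker processes")
    reading, idle = counts["R"], counts["_"]
    return {
        "workers": workers,
        "reading": reading,
        "idle": idle,
        "reading_ratio": round(reading / workers, 2),
        # Nearly all workers stuck reading and almost none idle matches the
        # "connection opened but nothing sent" pattern described in the thread.
        "suspect": reading / workers >= reading_ratio
        and idle / workers <= max_idle_ratio,
    }


if __name__ == "__main__":
    for name, text in (("attack", SAMPLE_UNDER_ATTACK), ("healthy", SAMPLE_HEALTHY)):
        print(name, assess(text))
```

Run it from cron against the real `?auto` output and alert on `suspect`, since the HTML status page may itself be unreachable once workers are exhausted.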