Results 1 to 7 of 7

Thread: HTTPD floods

  1. #1
    Join Date
    Jun 2009

    HTTPD floods


    I'm getting a few mbps flood. The problem is it's taking my Apache down every time.

    I currently have installed and configured:
    Custom /etc/sysctl.conf from here:

    My problem is my apache gets down every time when there is ddos. I basically need tweaks that will allow my apache to stay up, like maxclients option in httpd.conf, max open files and so on. Every other protection in apache level would be appreciated.

    Thank you for your time

  2. #2
    Join Date
    Aug 2008
    You should take a look at the server-status page. Perhaps it's something like a slow-loris attack (see here)
    Regards, [NL] based hosting
    Shared | Reseller | KVM VPS | Reseller VPS

  3. #3
    Join Date
    Jun 2009

    Thank you, more suggestions would be appreciated.

    Have a good day.

  4. #4
    Join Date
    Aug 2008
    This kind of attack just opens a connection to apache but doesn't do anything. When most apache processes are connected with an attacker almost nobody can access the server anymore. /server-status/ (if you can open it) will always show the same URL with many different IP's, which means that it is a slow-loris attack.

    Combined with an optimized amount of max processes this should solve the problem, it's a rough guess but on average I'm right with this
    Regards, [NL] based hosting
    Shared | Reseller | KVM VPS | Reseller VPS

  5. #5
    Join Date
    Jun 2006
    If that doesn't work you would likely need to look at getting a server behind mitigation or adding some form of remote protection. The issue is that this sort of attack is not easily blocked with any method on the server-side without complex scripting or just tons of resources.

    Another option is switching to something like LiteSpeed or nginx which can handle it a bit better. Specifically bursts and hung connections, which Apache will fold over time with. Best of luck!
    FiberPeer.Com | | REAL DDoS Protection | Cloud Hosting | VPS | Dedicated Servers | High Bandwidth Hosting | 1Gbps-10Gbps Unmetered
    FiberPeer DDoS Mitigation | ethProxy Upgraded! | 14-Years Experience | Emergency 24/7 Support
    Visit us @

  6. #6
    Join Date
    Mar 2002
    Philadelphia, PA
    Are they making particular requests to a web resource? If it's only several mbps may be able to handle it locally.

    Scripting really comes in handy in circumstances like this however.
    Linux junkie |

  7. #7
    It could very well be the slowloris attack as mentioned above. Even the latest version of Apache is vulnerable to this as far as I know, the only method I know for sure to block it is to use a reverse proxy server in front of Apache.
    Accelerated Hosting - From Constant Internet
    Automatically serving your website from the nearest server
    Get hosted on our global network! America / Europe / Asia

Similar Threads

  1. Floods in Fiji
    By sfnz in forum Web Hosting Lounge
    Replies: 2
    Last Post: 01-14-2009, 08:43 AM
  2. UK Floods
    By saj in forum Web Hosting Lounge
    Replies: 15
    Last Post: 07-23-2007, 05:26 PM
  3. UK Floods
    By SHGreg in forum Web Hosting Lounge
    Replies: 5
    Last Post: 06-15-2007, 02:56 PM
  4. SYN floods
    By 2uantuM in forum Hosting Security and Technology
    Replies: 3
    Last Post: 11-30-2003, 03:49 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts