All geek questions in one place

Apache IP throttling requests?

I want to suppress requests to my web server in order to prevent web cleanup and denial of service attacks on my site. I am ready to be relatively weak, the main thing is that no one asks so much to slow down the work.

I was thinking of setting up throttling by IP address, so that requests from a specific IP address will be slowed down if too many requests are made in a short period of time.

I have some questions.

  • Is this the right way to deal with web scrapers and web server-level DoS attacks?
  • What is a good limit to not inconvenience ordinary users who can work on shared IP networks?
  • How exactly should I configure throttling? I am using Apache / 2.2
+6
source share
2 answers

"Is this right ... at the web server level?" This is probably the best option. It might be nice to have different threshold values ​​on different parts of your site: you may be more likely to throttle certain types of traffic than others. But ideally, these parameters will be managed at the network level.

"What a good limit ...?" It completely depends on your traffic. How much do you expect, where did your real users come from, etc.

How to do it? You can write rules to handle this kind of thing in ModSecurity , which also protects against some other things. As with the mod_evasive answer, this will not completely protect you from intruders with a large number of resources at their disposal, but it will force them to activate their game.

I don’t think there is something β€œbuilt-in” in Apache httpd that will facilitate this. It would be expected that problems with an abusive IP address (i.e. network traffic problems) are managed at the network level.

EDIT:

Since you are commenting elsewhere that you are using Rackspace for hosting, you can check your load balancing API .

+3
source

To avoid a dos / web scraping attack, you can explore mod_evasive, which provides a different configuration for blocking requests. http://www.zdziarski.com/blog/?page_id=442

It can be useful for basic protection, but it will not be enough for a certain and experienced attacker who can attack from the internal network or use an array of proxy servers to hide his IP address.

0
source

Source: https://habr.com/ru/post/897589/

More articles:


All Articles