Category Archives: Security

Apache mod_qos: How To Defend Against slowloris DDoS

mod_qos is a quality of service module for the Apache web server implementing control mechanisms that can provide different levels of priority to different HTTP requests. Here’s what the official documentation says:

But why do you need quality of service for a web application? Well, web servers require threads and processes to serve HTTP requests. Each TCP connection to the web server occupies one of these threads respectively processes. Sometimes a server gets too busy to serve every request due to the lack of free processes or threads. Another parameter requiring control by mod_qos is the available bandwidth: all clients communicate to the server over a network link with limited bandwidth. Overfilling the link results in network congestion and poor performance.

Example situations where web applications require QoS:

  • More resources are consumed if request processing by an application takes a long time, e.g. when request processing includes time consuming database queries.
  • Oversubscription of link capabilities due to many concurrent clients uploading or downloading data.
  • Penetration of the web server by attackers (DDoS).

mod_qos may be used to determine which requests should be served and which shouldn’t in order to avoid resource oversubscription. The module collects different attributes such as the request URL, HTTP request and response headers, the IP source address, the HTTP response code, history data (based on user session and source IP address), the number of concurrent requests to the server (total or requests having similar attributes), the number of concurrent TCP connections (total or from a single source IP), and so forth.

Here’s a guide on installing mod_qos on Cent OS 5: Continue reading

Evasive Action in the Event of HTTP DoS attack Using mod_evasive on Apache

One of the guides to follow, to enable and protect against HTTP DoS attacks in Apache, using mod_evasive:

mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and more.

Read more…

Secure Apache Server from DDoS, Slowloris and DNS Injection attacks

Apache is the most widely used web server on the planet, and it’s also one of the most widely attacked. To that end, it’s always smart to lock down your Apache server as best as possible. This goes well beyond just locking down your network — you need to give that Apache server as much attention as it might get from outside sources.

Read more…