apache dos attacks

ok for the last day or so i have been getting loads of attacks on apache

basically the user does this:

create loads of connections to the server but not send any requests.

this fils up your max connections (mine is currently set to 1000).

now i use webmin to configure apache, and in webmin i have set max requests per connection to 2

but this doesn't stop the person doing the dos attack from creating more than 2 connections.

all it does it allow 2 simutainious requests per host

now this is a big problem, and there must be a way to stop a user on a connection from creating more than x amount of connections to server server, surely there is?

anyone know how?

remember, he is just creating 900+ connections to apache. he ain't sending any http requests.

at the moment im blocking his/her ip with firewall, but i would like to know how to handle this

thanx apache dos attacks

 

 

 

 

Top