Help with firewall rules

I currently am under attack from about 2-3 IPs continuously that change daily. Basically they try to overload the server and consume bandwidth and are very successful. I've installed APF+BFD but have avoided installing AntiDos because it breaks ftp connections.

Basically I have multiple hosts that attack the forums on my site. Each one opens 100 concurrent connects and tries to get as much as they can. They usually can get about 10,000 requests in before I catch them. Right now I'm looking for a guide to help me fix this.

My apache status:
Srv PID Acc M CPU SS Req Conn Child Slot Host VHost Request
1-227 16463 1/27/69871 W 0.48 1 2498 21.9 0.13 378.57 193.95.241.189 www.domain.com GET /forums/index.php?amp;sh
2-227 16464 1/21/71157 W 0.56 1 2481 21.9 0.21 483.24 193.95.241.189 www.domain.com GET /forums/index.php?amp;sh
7-227 16496 1/18/69462 W 0.38 0 2641 21.9 0.10 369.46 193.95.241.189 www.domain.com GET /forums/index.php?amp;sh
8-227 16499 1/24/68595 W 0.35 0 2611 21.9 0.08 367.24 193.95.241.189 www.domain.com GET /forums/index.php?amp;sh
20-227 16685 0/8/17016 _ 0.28 3 1681 0.0 0.07 101.16 193.95.241.189 www.domain.com GET /forums/index.php?amp;sh
21-227 - 0/0/12632 . 0.10 5 155 0.0 0.00 75.35 193.95.241.189 www.domain.com HEAD /forums/index.php?amp;s
22-227 - 0/0/9161 . 0.07 16 2563 0.0 0.00 54.35 193.95.241.189 www.domain.com GET /forums/index.php?amp;sh

Some of netstat -n -p:
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1800 FIN_WAIT2 16499/httpd
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1795 TIME_WAIT -
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1794 TIME_WAIT -
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1793 TIME_WAIT -
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1792 TIME_WAIT -
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1770 TIME_WAIT -
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1769 TIME_WAIT -
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1768 TIME_WAIT -
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1775 TIME_WAIT -
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1774 TIME_WAIT -
tcp 0 0xxx.xxx.xxx.xxx:80 193.95.241.189:1773 TIME_WAIT -

Apache httpd.conf:
Timeout 30
KeepAlive On
MaxKeepAliveRequests 100 <-- per connection?
KeepAliveTimeout 5
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 160
MaxRequestsPerChild 0

If anyone has suggestions I would be very grateful.

Thanks
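As an added example (not the poster's code, nor part of APF), a small Python script that parses `netstat -n -p` output in the shape shown above, counts sockets per remote IP on port 80 (TIME_WAIT included, since that is the trail a request flood leaves), and flags hosts over a threshold, printing `apf -d` deny lines for an admin to review. The sample output, the placeholder local address 203.0.113.10 and the remote IPs are constructed for this example.

```python
import re
from collections import Counter, defaultdict

# Matches the tcp lines of `netstat -n`: proto, queues, local:port, remote:port, state[, pid/prog]
NETSTAT_RE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<local>\S+):(?P<lport>\d+)\s+"
    r"(?P<remote>\S+):(?P<rport>\d+)\s+(?P<state>[A-Z_0-9]+)"
)

# Constructed sample in the same layout as the post's netstat output;
# 203.0.113.10 is a placeholder local address, remote IPs are invented.
SAMPLE_NETSTAT = """\
tcp        0      0 203.0.113.10:80   198.51.100.7:1800   FIN_WAIT2   16499/httpd
tcp        0      0 203.0.113.10:80   198.51.100.7:1795   TIME_WAIT   -
tcp        0      0 203.0.113.10:80   198.51.100.7:1794   TIME_WAIT   -
tcp        0      0 203.0.113.10:80   198.51.100.7:1793   ESTABLISHED 16463/httpd
tcp        0      0 203.0.113.10:80   198.51.100.7:1792   ESTABLISHED 16464/httpd
tcp        0      0 203.0.113.10:80   192.0.2.44:51234    ESTABLISHED 16496/httpd
tcp        0      0 203.0.113.10:22   192.0.2.99:40000    ESTABLISHED 1200/sshd
"""

def connections_by_ip(netstat_text, local_port=80):
    """Return {remote_ip: Counter(state -> count)} for sockets on local_port."""
    per_ip = defaultdict(Counter)
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m or int(m.group("lport")) != local_port:
            continue
        per_ip[m.group("remote")][m.group("state")] += 1
    return per_ip

def offenders(netstat_text, threshold=3, local_port=80):
    """(ip, total) pairs whose socket count on local_port reaches threshold,
    highest first. Tune threshold to what a legitimate browser opens."""
    per_ip = connections_by_ip(netstat_text, local_port)
    totals = {ip: sum(states.values()) for ip, states in per_ip.items()}
    return sorted(((ip, n) for ip, n in totals.items() if n >= threshold),
                  key=lambda t: -t[1])

def deny_commands(ips):
    """APF deny commands (apf -d HOST COMMENT) for an admin to review, not run blindly."""
    return [f'apf -d {ip} "flooding forums"' for ip in ips]

if __name__ == "__main__":
    hits = offenders(SAMPLE_NETSTAT)
    print(hits, *deny_commands(ip for ip, _ in hits), sep="\n")
```

On a live box, feed it `netstat -n -p` output instead of the sample, and check the hit list against known proxies or search crawlers before adding any deny rule.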
