How To - Apache HTTP Server

Written by Christian Foronda

Thursday, 18 March 2010 11:35

While you can never completely protect yourself from DoS attacks, Apache provides you with a number of directives that you should consider manipulating to help protect your server from these kinds of affronts. The table below lists the directives recommended for review by the Apache group for servers that may become the subject of a DoS attack.

| Directive | Apache 2.2/2.3 default | Advice/Description |
|---|---|---|
| TimeOut | 300 seconds | Should be lowered on sites that are subject to DoS attacks. Setting this to as low as a few seconds may be appropriate, but could pose problems for some CGI scripts. |
| KeepAliveTimeout | 5 seconds | May also be lowered or even disabled (not recommended) on sites that are subject to DoS attacks. |
| LimitRequestBody | 0 bytes (unlimited) | Restricts the total size of the HTTP request body sent from the client. If DoS attacks are occurring as a result of large requests, limit request size. |
| LimitRequestFields | 100 fields | Limits the number of HTTP request header fields that will be accepted from the client. If DoS attacks are occurring as a result of too many HTTP request headers, lower this number. |
| LimitRequestFieldSize | 8190 bytes | Limits the size of the HTTP request header allowed from the client. |
| LimitRequestLine | 8190 bytes | This directive sets the number of bytes that will be allowed on the HTTP request-line. |
| MaxClients | 256 requests | Sets the limit on the number of simultaneous requests that will be served. |

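As an added example (not part of the original article), this Python audit reads an Apache configuration and reports, for each directive in the table, whether the server-level value is still the default, has been lowered or raised, or is unlimited. The sample configuration and its values are constructed for illustration, and the script assumes conditional wrappers such as `<IfModule>` evaluate to true.

```python
# Defaults from the table above (Apache 2.2/2.3); directive names are case-insensitive.
DEFAULTS = {"TimeOut": 300, "KeepAliveTimeout": 5, "LimitRequestBody": 0,
            "LimitRequestFields": 100, "LimitRequestFieldSize": 8190,
            "LimitRequestLine": 8190, "MaxClients": 256}
CANON = {name.lower(): name for name in DEFAULTS}
TRANSPARENT = {"ifmodule", "ifdefine", "ifversion"}  # conditionals, assumed true

# Constructed sample configuration; the values are illustrative, not recommendations.
SAMPLE_CONF = """\
Timeout 10
LimitRequestFields 200
<IfModule mpm_prefork_module>
    MaxClients 150
</IfModule>
<VirtualHost *:80>
    LimitRequestBody 1048576
</VirtualHost>
"""


def status(name, value):
    if name == "LimitRequestBody":  # 0 means unlimited, so any cap is tighter
        return "unlimited" if value == 0 else "lowered"
    if value == DEFAULTS[name]:
        return "default"
    return "lowered" if value < DEFAULTS[name] else "raised"


def audit(conf_text):
    """Return ({directive: (value, status)}, [(section, directive, value)])."""
    server, scoped, stack = {}, [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            del stack[-1:]  # close the innermost open section, if any
        elif line.startswith("<"):
            stack.append(line.strip("<>").strip() or "?")
        elif line and not line.startswith("#"):
            name, *rest = line.split(None, 1)
            name, arg = CANON.get(name.lower()), "".join(rest)
            if name is None or not arg.isdecimal():
                continue
            scopes = [s for s in stack if s.split()[0].lower() not in TRANSPARENT]
            if scopes:  # applies only inside e.g. a VirtualHost or Directory
                scoped.append((scopes[-1], name, int(arg)))
            else:
                server[name] = int(arg)  # a later server-level setting wins
    effective = {n: server.get(n, d) for n, d in DEFAULTS.items()}
    return {n: (v, status(n, v)) for n, v in effective.items()}, scoped
```

Call `audit()` on the text of the main configuration file; the second return value lists settings that apply only inside a section, such as a per-virtual-host `LimitRequestBody`, which leave the server-wide value untouched.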
Last Updated on Thursday, 18 March 2010 11:37