How can I prevent apache DoS flood?

apache-2.2 flooding

I've configured a server running apache and a couple of days ago I noticed in the logs that there are bots running endless queries to the site. The logs show that those bots are running about 60 queries per second for about 20 minutes coming from the same IP address. How can I limit the queries and what's the appropriate way of dealing with such bots?

Thanks in advance.


Consider installing a rate limiting software, it will help you to defend not only against lawful bots. You can use mod_evasive for Apache, or you can install Nginx as a frontend and use its HttpLimitZoneModule, it is built in.


I highly recommend the tool fail2ban (http://www.fail2ban.org/); we use it on our own servers and it is amazingly useful for limiting DoS floods for more than just Apache.

fail2ban actively monitors various logs for different patterns (we have ours set to just monitor Apache hits), and if it determines that there are too many hits in a certain amount of time from a specific IP, it will ban that IP for a period you determine (we use a 20 minute ban window)

fail2ban has pre-built packages for most distribution, or you can grab the source; being Python, you don't even need to compile it! :D

Related

Possible DNS Server memory leak
Recommended storage system for video streaming server [closed]
Unable to connect as a database contained user to an Azure SQL database
AS/400 error message - Cannot allocate device
VirtualHost not directing properly based on domain name
Debian squeeze kernel backports upgrade - moving forward?
CentOS - Percona MySQL - Not Reading /etc/my.cnf
Restrict login to SQL availability groups
nginx reverse proxy glassfish issues
Restore SQL Server 2005 backup db on SQL Server 2000
Load balancing ISPs on Ubuntu Server
Puppet - how can I copy a file to several user folders?