Reputation: 802
DOS-protection in Apache
We have a small farm of REST-servers that are behind an Apache 2.4 webserver. Apache serves some static resources and proxies REST-calls to the backend. Every now and then we are hit by a DOS-attack (probably from malicious software on Android phones). The attack lasts several hours and fires over 10 requests per second.
I was hoping that Apache could detect such an attack and prevent the requests from reaching our backend servers. I tried mod_evasive but doesn't seem to work.
Is there some other module for Apache that can block malicious clients?
Upvotes: 1
Views: 424
Answers (1)
Reputation: 802
I ended up installing a new Ubuntu 16 server with Apache 2.4.18 and mod_evasive. Now it all works as expected.
My previous setup used an older Ubuntu 14 and Apache 2.4.8 so maybe that combination was not compatible with mod_evasive.
Upvotes: 1
Related Questions
- mod_evasive is not blocking IPs causing DoS, but is logging them
- Apache2 mod_evasive vs mod_security with OWASP crs when protecting against DDOS?
- Can mod_evasive be too aggressive and kill off good traffic?
- Denial of Service - how to prevent this
- How to enable DDoS protection?
- Does Apache have built in DDOS protection? I'm getting interesting JMeter results
- Blocking IP addresses, preventing DoS attacks
- How to limit connections per second and IP on apache2?
- apache html request parameters