Using mod_reqtimeout
<IfModule mod_reqtimeout.c>
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>
Using mod_qos
<IfModule mod_qos.c>
    # handle connections from up to 100000 different IPs
    QS_ClientEntries 100000
    # allow only 50 connections per IP
    QS_SrvMaxConnPerIP 50
    # limit the maximum number of active TCP connections to 256
    MaxClients 256
    # disable keep-alive when 180 (70%) of the TCP connections are occupied
    QS_SrvMaxConnClose 180
    # minimum request/response speed (deny slow clients that block the server
    # by keeping connections open without requesting anything)
    QS_SrvMinDataRate 150 1200
</IfModule>
Using mod_security
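<IfModule mod_security2.c>
    # Requires the IP collection to be initialised earlier (initcol:ip=%{REMOTE_ADDR}).
    # Count every 408 (Request Timeout) response per client IP; the counter
    # expires 60 seconds after the most recent timeout.
    SecRule RESPONSE_STATUS "@streq 408" \
        "phase:5,t:none,nolog,pass,\
        setvar:ip.slow_dos_counter=+1,\
        expirevar:ip.slow_dos_counter=60,\
        id:'1234123456'"
    # Drop connections from clients whose counter has exceeded 5.
    SecRule IP:SLOW_DOS_COUNTER "@gt 5" \
        "phase:1,t:none,log,drop,\
        msg:'Client Connection Dropped due to high number of slow DoS alerts',\
        id:'1234123457'"
</IfModule>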
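Before enabling the drop rule, the same counter logic can be replayed over an existing access log to see which clients it would have affected. The script below is an added example, not part of the original post or of ModSecurity; it assumes Apache's common/combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from datetime import datetime

# Thresholds copied from the ModSecurity rules on this page.
EXPIRE_SECONDS = 60   # expirevar:ip.slow_dos_counter=60
MAX_TIMEOUTS = 5      # IP:SLOW_DOS_COUNTER "@gt 5"

# Assumed log format: client IP, [timestamp], "request", status, ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def clients_that_would_be_dropped(log_lines):
    """Return {ip: time its 408 counter first exceeded MAX_TIMEOUTS}."""
    counters = {}   # ip -> (count, time of last 408)
    flagged = {}
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "408":
            continue
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        count, last = counters.get(ip, (0, ts))
        # expirevar is re-armed on every 408, so the counter only resets
        # after EXPIRE_SECONDS without a further timeout from this IP.
        if (ts - last).total_seconds() >= EXPIRE_SECONDS:
            count = 0
        count += 1
        counters[ip] = (count, ts)
        if count > MAX_TIMEOUTS and ip not in flagged:
            flagged[ip] = ts
    return flagged

def sample_log():
    """Constructed sample lines (documentation IP ranges, not real traffic)."""
    lines = []
    for i in range(6):   # six timeouts 5 s apart: counter reaches 6
        lines.append(f'192.0.2.10 - - [10/Mar/2024:12:00:{i * 5:02d} +0000] "-" 408 - "-" "-"')
    for i in range(6):   # six timeouts 90 s apart: counter expires each time
        minute, sec = divmod(i * 90, 60)
        lines.append(f'198.51.100.7 - - [10/Mar/2024:12:{minute:02d}:{sec:02d} +0000] "-" 408 - "-" "-"')
    lines.append('203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/8.0"')
    return lines

if __name__ == "__main__":
    for ip, when in clients_that_would_be_dropped(sample_log()).items():
        print(ip, "exceeded the 408 threshold at", when.isoformat())
```

Clients behind a shared NAT or proxy appear as a single IP, so a replay like this also shows whether the threshold of 5 is too low for legitimate traffic on the site.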
Reference: How To Mitigate Slow HTTP DoS Attacks in Apache HTTP Server