How to protect Apache webserver against DOS, DDOS. Prevent HTTP(s) denial-of-service attacks against Apache
Note: I have already added rules in iptables. Still, I am getting SYN requests.
Error:
[[email protected] ~]# dmesg | grep -i syn
megasas: fasync_helper was not called first
possible SYN flooding on port 80. Sending cookies.
possible SYN flooding on port 80. Sending cookies.
possible SYN flooding on port 80. Sending cookies.
possible SYN flooding on port 8080. Sending cookies.
possible SYN flooding on port 25. Sending cookies.
[[email protected] ~]# netstat -n | grep :80 | grep SYN |wc -l
64
iptables rules
[[email protected] ~]# iptables -L -v
Chain INPUT (policy ACCEPT 331M packets, 6033G bytes)
pkts bytes target prot opt in out source destination
24621 1320K ACCEPT tcp -- any any 173.4.4.4/24 anywhere tcp dpt:ssh
1314K 77M ACCEPT tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 5/sec burst 5
20245 1196K DDOS_SYNFLOOD tcp -- any any anywhere anywhere tcp dpt:http flags:FIN,SYN,RST,ACK/SYN
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 321M packets, 6110G bytes)
pkts bytes target prot opt in out source destination
Chain DDOS_SYNFLOOD (1 references)
pkts bytes target prot opt in out source destination
18656 1108K ACCEPT all -- any any anywhere anywhere limit: avg 1/sec burst 3
1589 87748 DROP all -- any any anywhere anywhere
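You need to give us more details. Most importantly - how exactly is the attack hurting you? Is it exceeding your inbound bandwidth? Your outbound bandwidth? Your memory? Your connection limit? Or what? –
My server has 24 GB RAM. – Raj
# httpd -l Compiled in modules: core.c prefork.c http_core.c mod_so.c – Raj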
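A way to measure the half-open connections more precisely than the `netstat -n | grep :80 | grep SYN | wc -l` pipeline in the question, which also matches port 8080 and outbound SYN_SENT sockets. This is an added example, not part of the original post; the function names and the sample `netstat` output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Each function reads `netstat -n` style output on stdin.

# The pipeline from the question: substring matches, so :8080 and SYN_SENT count too.
loose_count() {
    grep ':80' | grep SYN | wc -l | tr -d ' '
}

# Exact count of half-open (SYN_RECV) sockets per local port: "<port> <count>".
syn_recv_by_port() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             n = split($4, a, ":"); c[a[n]]++        # text after the last ":" is the port
         }
         END { for (p in c) print p, c[p] }' | sort -n
}

# Remote addresses holding SYN_RECV sockets on local port $1: "<count> <address>".
syn_recv_top_sources() {
    awk -v port="$1" '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             n = split($4, l, ":"); if (l[n] != port) next
             r = $5; sub(/:[0-9]+$/, "", r); c[r]++  # strip the remote port
         }
         END { for (s in c) print c[s], s }' | sort -k1,1nr -k2,2
}

# Constructed sample using documentation address ranges, not data from the asker's host.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address      Foreign Address       State
tcp   0      0      192.0.2.10:80      198.51.100.7:40112    SYN_RECV
tcp   0      0      192.0.2.10:80      198.51.100.7:40113    SYN_RECV
tcp   0      0      192.0.2.10:80      203.0.113.9:51234     SYN_RECV
tcp   0      0      192.0.2.10:8080    203.0.113.9:51300     SYN_RECV
tcp   0      0      192.0.2.10:51000   198.51.100.20:80      SYN_SENT
tcp   0      0      192.0.2.10:80      198.51.100.30:33000   ESTABLISHED
tcp   0      0      192.0.2.10:25      203.0.113.50:44000    SYN_RECV
EOF
}

echo "pipeline from the question: $(sample_netstat | loose_count)"
echo "SYN_RECV per local port:"; sample_netstat | syn_recv_by_port
echo "top sources on port 80:";  sample_netstat | syn_recv_top_sources 80
```

On a live host, pipe `netstat -n` into the functions in place of `sample_netstat`.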