Preventing DoS Attacks on Apache Using the CSF Firewall

by Selva 2009-05-04 19:37:03

What is a DoS attack?

A DoS (denial-of-service) attack is a flood of requests from an IP to a service (such as Apache) running on your server, so that the service goes down or becomes unavailable to the other (real) users who need it. Attackers often direct DoS attacks at the Apache web server (running on port 80) to bring the web server down.

How to prevent DoS attacks on Apache using the CSF firewall?

CSF is an iptables-based firewall. It is effective and is used on most Linux servers.

With CSF you can stop a DoS attack on Apache easily by following these steps:

Step 1: Open the CSF configuration file /etc/csf/csf.conf

Step 2: Search for the option called CT_LIMIT. By default it is CT_LIMIT=0; change this to CT_LIMIT=60. Here 60 is the maximum number of connections from one IP to your server (choose this value according to your server usage).

Step 3: Now search for the option called CT_PORTS. This option specifies the ports you want to protect against DoS attacks. Since our aim is to prevent DoS attacks on Apache (port 80), change CT_PORTS = "" to CT_PORTS = "80"

Once these steps are done, if your server has 60 established connections from one IP to Apache, this is treated as a DoS attack and that IP is blocked in the firewall.

Note: In CT_PORTS you specify the ports to be protected against DoS attacks. For example, to protect the mail server, specify CT_PORTS="25". You can specify any number of ports in a comma-separated list, like CT_PORTS="80,25,110"
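
The following shell script is an added example, not part of the original article or of CSF itself. It reads CT_LIMIT and CT_PORTS from a csf.conf-style file and lists the remote IPs in an `ss -tn`-style socket listing that would reach the limit, which helps when choosing a CT_LIMIT value for your server. The function names (csf_get, ct_offenders, sample_ss) are hypothetical, the sample connections and config copy are constructed, and the "60 or more" comparison follows the article's wording rather than lfd's own code.

```shell
#!/bin/sh
# Added example: dry run of the CT_LIMIT / CT_PORTS settings against a socket list.

# Print the value of OPTION from a csf.conf-style FILE.
# Accepts both CT_LIMIT=60 and CT_PORTS = "80" as written in the article.
csf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            if (k == key && index($0, "=")) {
                v = substr($0, index($0, "=") + 1); gsub(/[ \t"]/, "", v); val = v
            }
        }
        END { print val }' "$2"
}

# Read `ss -tn`-style lines on stdin; print "IP COUNT" for every remote IP with
# LIMIT or more established connections to the listed local PORTS.
# Assumptions: ">=" follows the article's wording; empty PORTS means all ports.
ct_offenders() {
    awk -v limit="$1" -v ports="$2" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 != "ESTAB" { next }                      # header and other TCP states
        {
            lport = $4; sub(/.*:/, "", lport)       # local port (IPv4 or [IPv6])
            ip = $5;    sub(/:[0-9]+$/, "", ip)     # remote address without port
            if (ports == "" || (lport in watch)) count[ip]++
        }
        END { for (ip in count) if (limit + 0 > 0 && count[ip] >= limit + 0) print ip, count[ip] }
    ' | sort
}

# Constructed sample input (documentation addresses), shaped like `ss -tn` output.
sample_ss() {
    echo "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
    i=0; while [ "$i" -lt 60 ]; do echo "ESTAB 0 0 203.0.113.10:80 198.51.100.7:$((40000 + i))"; i=$((i + 1)); done
    i=0; while [ "$i" -lt 5 ];  do echo "ESTAB 0 0 203.0.113.10:80 198.51.100.20:$((41000 + i))"; i=$((i + 1)); done
    i=0; while [ "$i" -lt 70 ]; do echo "ESTAB 0 0 203.0.113.10:22 198.51.100.99:$((42000 + i))"; i=$((i + 1)); done
}

# Constructed config copy using the article's values.
conf=$(mktemp)
printf 'CT_LIMIT=60\n# comment\nCT_PORTS = "80"\n' > "$conf"
sample_ss | ct_offenders "$(csf_get CT_LIMIT "$conf")" "$(csf_get CT_PORTS "$conf")"
rm -f "$conf"
```

On a live server, pipe `ss -tn` into `ct_offenders` with the values read from /etc/csf/csf.conf to see which addresses the chosen limit would catch before applying it. CSF and lfd have to be restarted for edited settings to take effect.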
