Date: Tue, 26 Sep 2000 04:51:25 -0500 (CDT)
From: Mike Meyer <mwm@mired.org>
To: Matthew Emmerton <matt@gsicomp.on.ca>
Cc: questions@freebsd.org
Subject: Re: tarpitting bad HTTP requests (WAS: RE: question)
Message-ID: <14800.29085.507370.889017@guru.mired.org>
In-Reply-To: <13067279@toto.iv>
Matthew Emmerton writes:
> [ crossposting to freebsd-net since this concerns TCP connection
> limiting ]
>
> On Mon, 25 Sep 2000, webmaster wrote:
>
> > Well, that's just it.
> > I'm thinking if I can slow down the attacks then have the
> > perl program write a redirect to the htaccess it will save
> > resources. In other words, I have a random mix of proxy
> > servers and script kiddies hitting this server.
> > All of them are on very fast connections and sometimes
> > will hit the server 30,000 times each before the software
> > can redirect them. If I can find a way to slow the attacks
> > the perl program can then execute and redirect without using
> > up all these resources or generating thousands of logs.
>
> There are really two issues to this problem:
> - how to detect people who are flooding the server
> - how to handle those who are.
>
> If there is some type of distinct pattern of URLs that originate from a
> single host, then that can be captured. However, I doubt this so the only
> resort is to have some sort of threshold on the number of times a single
> client can connect to the server during a specific timeframe.
>
> Although this could be implemented in the web server, there are problems:

Well, thttpd (it's in the ports tree) implements URL-based throttling. If
that's the problem, it's probably worth a look.

> - the information on clients would have to be shared across all server
> instances, as people hammering the server will most likely have requests
> processed by all instances

I don't believe thttpd has this problem.

> Does anyone know of a way to control TCP flooding for servers that don't
> run from inetd and serve multiple client requests from one instance?

Use a server that only has one instance, and deals with multiple
outstanding requests via select/poll/kevent. That mechanism provides
better performance than multiple server instances anyway.
<mike