How to Stop a Denial of Service on a web server
The basic principle is to identify where the requests are coming from (IP address) and update the Apache config to deny connections from that IP.
For now this is just a repost of what I sent to the list:
Beezer ran out of memory over lunch. The oom killer zapped something important
which meant I couldn't log into it (even as root on the console).
Sending it a Break-Kill let me log in as root and then reboot. From the serial console:
CTRL-] CTRL-] l 0 i # That's "elle-zero-eye"
Some of the vision groups pages were/are being swamped by 219.143.205.101
I've denied him access by adding:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^219\.143\.205\.101$
RewriteRule ^.* - [forbidden]
to the beezer:/disk/beezer1/httpd/conf/groups.conf file. (Note that beezer is
the new stoater for just now). The above is a better way of denying that IP,
rather than the previous:
<location /vision/CAVIAR/CAVIARDATA1 >
order allow,deny
Deny from 219.143.205.101
</location>
This is because, with the previous form, if you are not denied then you are
allowed (duh!), but that allow overrides any other denies that may be in
.htaccess files or <directory> directives that were protecting that area, i.e.
you could be opening up access to more than was originally configured. So that
deny isn't "also deny"; it is "forget all existing allow/deny and only deny
connections from that IP; everyone else gets in".
--
NeilBrown - 18 Mar 2010
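An added example, not part of the original post: one way to carry out the "identify where the requests are coming from" step is to count requests per client address in the access log and generate the same RewriteCond/RewriteRule block for the heavy hitters. It assumes Apache common/combined log format; the function names, the threshold and the sample log lines (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Client address is the first field of an Apache common/combined log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} ')

def _line(ip, path):
    """Build one constructed log line (sample data, not real traffic)."""
    return f'{ip} - - [18/Mar/2010:12:00:00 +0000] "GET {path} HTTP/1.1" 200 512'

# Constructed sample: one noisy client, one normal client, one malformed line.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "/vision/CAVIAR/CAVIARDATA1/")] * 40
    + [_line("192.0.2.10", "/")] * 3
    + ["truncated line with no fields"]
)

def top_clients(log_text, threshold):
    """Return [(ip, hits)] for clients with >= threshold requests, busiest first."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # skip malformed lines instead of aborting
            hits[m.group(1)] += 1
    return [(ip, n) for ip, n in hits.most_common() if n >= threshold]

def rewrite_block(ips):
    """Build a mod_rewrite deny block for the given IPv4 addresses."""
    # Validate first so nothing other than an address reaches the config.
    addrs = [str(ipaddress.IPv4Address(ip)) for ip in ips]  # ValueError if bad
    if not addrs:
        return ""
    lines = ["RewriteEngine On"]
    for i, addr in enumerate(addrs):
        # Escape the dots so each matches a literal "."; join conditions with [OR].
        flag = " [OR]" if i < len(addrs) - 1 else ""
        lines.append("RewriteCond %{REMOTE_ADDR} ^" + addr.replace(".", r"\.") + "$" + flag)
    lines.append("RewriteRule ^.* - [forbidden]")
    return "\n".join(lines)

if __name__ == "__main__":
    offenders = top_clients(SAMPLE_LOG, threshold=20)
    for ip, n in offenders:
        print(f"{n:6d} {ip}")
    print(rewrite_block([ip for ip, _ in offenders]))
```

Review the generated block before adding it to the config: a high request count alone does not distinguish an abusive client from a proxy or crawler you want to keep.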