From owner-freebsd-questions@FreeBSD.ORG Tue Nov 25 09:11:47 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BEAB716A4CE; Tue, 25 Nov 2003 09:11:47 -0800 (PST) Received: from munk.nu (mail.munk.nu [213.152.51.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 93BFF43FE3; Tue, 25 Nov 2003 09:11:46 -0800 (PST) (envelope-from munk@munk.nu) Received: from munk by munk.nu with local (Exim 4.24; FreeBSD) id 1AOgj0-000Byw-DX; Tue, 25 Nov 2003 17:11:42 +0000 Date: Tue, 25 Nov 2003 17:11:42 +0000 From: Jez Hancock To: freebsd-ipfw@freebsd.org, freebsd-questions@freebsd.org Message-ID: <20031125171142.GA45539@users.munk.nu> Mail-Followup-To: freebsd-ipfw@freebsd.org, freebsd-questions@freebsd.org References: <009601c3b36c$ca73c350$110d3ad4@VAHOXP> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <009601c3b36c$ca73c350$110d3ad4@VAHOXP> User-Agent: Mutt/1.4.1i Sender: User Munk Subject: Re: Protecting HTTP Server from D.O.S attacks and Log Watching X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2003 17:11:47 -0000 On Tue, Nov 25, 2003 at 05:57:12PM +0200, Vahric MUHTARYAN wrote: > I want to protect my Web Server from D.O.S attacks like people > make a too many conncection to my web server for buffer overflow example > . > if I use limit option of ipfw Does it possible or Does it true way to > protect . > > For example : > > #ipfw add allow tcp from any to me 80 setup keep-state limit src-addr 30 You could also use an apache module such as mod_throttle or mod_bwshare to throttle incoming connections to the httpd - presuming you're using apache. mod_throttle is in ports, mod_bwshare isn't. -- Jez Hancock - System Administrator / PHP Developer http://munk.nu/