1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Apache DoS Attack Solution

Discussion in 'Plesk for Linux - 8.x and Older' started by Greg Sims, Feb 22, 2007.

  1. Greg Sims

    Greg Sims Basic Pleskian

    25
     
    Joined:
    Jan 22, 2007
    Messages:
    30
    Likes Received:
    0
    Hi There,

    Our site hosts a large number of .mp3 files. We're having problems with download software that generates a large number of requests (up to the maximum allowed on our box -- now 256) all from the same ip address. This frustrates other users that can't access the site for hours at a time. Needless to say, we need to find a solution.

    I found http://dominia.org/djao/limitipconn.html which comes highly recommended from a number of sources. I also found http://www.webhostgear.com/279.html which implements this Apache extension under cPanel. These two sites gave me some good ideas about what is required to install and get this working.

    We followed the authors install instructions with one modicifation:
    * wget http://domina.org/djao/limitipconn-0.04.tar.gz
    * tar xzvf mod_limitipconn-0.04.tar.gz
    * cd mod_limitipconn-0.04
    * edit the Makefile and point to /usr/local/psa/admin/bin/apxs
    * make
    * make install
    The change to the Makefile was needed as the apxs is not in the standard path. This is the only apxs on the system so it was the only choice we had.

    This sequence ran well and made the following updates to the system:
    (1) created limitipconn.so
    (2) limitipconn.so was copied to /usr/local/admin/libexe
    (3) LoadModule & AddModule directives were added to /usr/local/admin/conf/httpsd.conf

    This looks like we're moving in the right direction. Step (3) has me a bit concerned for a couple of reasons:
    (a) httpsd.conf has some comments in the top of the file that say "DO NOT EDIT THIS FILE!" as it will be overwritten. I'm not sure how long the LoadModule & AddModule will stay in this file. Perhaps I should create a httpsd.custom.include with only these two directives. Comments??
    (b) What is the relationship between httpsd.conf and /etc/httpd/conf/httpd.conf? It seems that httpd.conf is available for system customization -- at least there are no comments at the top to the contrary. I have made changes here and they do take effect when Apache is restarted.
    (c) The LoadModule & AddModule for limitipconn are not in httpd.conf so I'm not sure Apache is seeing them.

    I hope with a bit of cleanup this entry may help others with the same types of issues that I am seeing. Your help in making this happen is appreciated in advance!!

    Greg
     
  2. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    you can throw your configs into /etc/httpd/conf.d/, anything in that directory ending in .conf will be parsed. So mod_limit.conf or something like that would do the trick
     
  3. Greg Sims

    Greg Sims Basic Pleskian

    25
     
    Joined:
    Jan 22, 2007
    Messages:
    30
    Likes Received:
    0
    Thanks A.R.T.!! Do you know what Plesk is doing with all this httpsd.conf stuff? I'd like to understand this a little better just to make sure I didn't break anything with the apxs and to help others that need to do this.

    Greg
     
  4. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    httpsd.conf is the config used for the plesk httpsd daemon. You probably dont want to mess with that. /etc/httpd/conf/httpd.conf is the vendor installed daemon, that will be appended to by PSA but not overwritten. You can make changes in that file, but I dont recommend it. Try using /etc/http/conf.d/*.conf instead. Those never get touched by PSA.

    Anything ending in .include is generated by PSA, so those you dont ever want to touch. Any changes will be overwritten.
     
Loading...