Comment 12 for bug 392759

Oliver (oliver341) wrote : Re: apache2 DoS attack using slowloris

The connlimit module in iptables is an excellent defence against Apache Denial of Service attacks. However, since upgrading to Karmic, iptables is no longer blocking simultaneous connections when requested for me.

I had previously been using:
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 10 -j REJECT

However, worryingly, it no longer works for me. I can establish 20 simultaneous connections with the above firewall rule in place. I believe this should be fixed with some urgency, as my webserver has already been taken offline once by an attack (I stopped the attack by firewalling the attacker's IP address manually).

I've filed a bug report; please check your iptables connlimit and report back either way:
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/478290
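A way to perform the check the comment asks for, as an added example that is not part of the bug report or of Ubuntu: it emits the same connlimit rule for review and then counts established connections to port 80 per remote address from `ss -tn` output, so any peer holding more than the limit shows the rule is not enforcing. The `ss -tn` column layout, the port 80 and the limit of 10 are assumptions taken from the rule in the comment; the sample output is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: verify that an iptables connlimit rule is actually limiting
# concurrent connections. Not code from the bug report or from Ubuntu.

LIMIT=10   # same threshold as the rule in the comment
PORT=80

# The rule from the comment, printed for review; apply as root with
# eval "$(connlimit_rule)".
connlimit_rule() {
    echo "iptables -A INPUT -p tcp --syn --dport $PORT -m connlimit --connlimit-above $LIMIT -j REJECT"
}

# Read `ss -tn` style lines on stdin (State Recv-Q Send-Q Local:Port Peer:Port),
# count ESTAB connections to $PORT per peer address, print "peer count" for
# every peer above $LIMIT and exit 1 if any were found (0 otherwise).
peers_over_limit() {
    awk -v port="$PORT" -v limit="$LIMIT" '
        $1 == "ESTAB" && $4 ~ ":"port"$" {
            peer = $5; sub(/:[0-9]+$/, "", peer)   # strip the remote port
            n[peer]++
        }
        END {
            bad = 0
            for (p in n) if (n[p] > limit) { print p, n[p]; bad = 1 }
            exit bad
        }'
}

# Constructed sample of `ss -tn` output: one peer holding 12 connections to :80
# (the rule should have rejected the 11th and 12th), another holding 2, and an
# SSH session that must not be counted.
sample_ss_output() {
    echo "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
    i=0
    while [ "$i" -lt 12 ]; do
        echo "ESTAB 0 0 192.0.2.10:80 203.0.113.5:$((40000 + i))"
        i=$((i + 1))
    done
    echo "ESTAB 0 0 192.0.2.10:80 198.51.100.7:51000"
    echo "ESTAB 0 0 192.0.2.10:80 198.51.100.7:51001"
    echo "ESTAB 0 0 192.0.2.10:22 203.0.113.5:52000"
}

# On a live host replace sample_ss_output with: ss -tn
if sample_ss_output | peers_over_limit; then
    echo "no peer above $LIMIT connections: connlimit appears to be enforcing"
else
    echo "peer(s) above $LIMIT connections: connlimit rule is not blocking"
fi
```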