ddos

How can I implement rate limiting with Apache? (requests per second)

点点圈 提交于 2019-11-26 11:34:13
What techniques and/or modules are available to implement robust rate limiting (requests|bytes/ip/unit time) in apache? Vinko Vrsalovic The best mod_evasive (Focused more on reducing DoS exposure) mod_cband (Best featured for 'normal' bandwidth control) and the rest mod_limitipconn mod_bw mod_bwshare Diego F. Durán As stated in this blog post it seems possible to use mod_security to implement a rate limit per second. The configuration is something like this: SecRuleEngine On <LocationMatch "^/somepath"> SecAction initcol:ip=%{REMOTE_ADDR},pass,nolog SecAction "phase:5,deprecatevar:ip

Application vulnerability due to Non Random Hash Functions

一个人想着一个人 提交于 2019-11-26 07:55:10
问题 Below excerpt is from an article that explains possibility of Denial Of Service(DoS) attack because of non random hash functions used in Hash Data Structures. […] the condition can be leveraged by exploiting predictable collisions in the underlying hashing algorithms. In order to verify it I went through reference implementation of Java HashMap from Oracle and indeed found a static hash functions used: static int hash(int h) { h ^= (h >>> 20) ^ (h >>> 12); return h ^ (h >>> 7) ^ (h >>> 4); }

How can I implement rate limiting with Apache? (requests per second)

≡放荡痞女 提交于 2019-11-26 02:27:58
问题 What techniques and/or modules are available to implement robust rate limiting (requests|bytes/ip/unit time) in apache? 回答1: The best mod_evasive (Focused more on reducing DoS exposure) mod_cband (Best featured for 'normal' bandwidth control) and the rest mod_limitipconn mod_bw mod_bwshare 回答2: As stated in this blog post it seems possible to use mod_security to implement a rate limit per second. The configuration is something like this: SecRuleEngine On <LocationMatch "^/somepath"> SecAction
订阅 ddos