
DoS attacks

Prit
10 July 2009, 22:47


Hiawatha version: 6.14
Operating System: Ubuntu 9.04 Server edition

Hi Hugo. Are there any recommended configuration options that one can use for preventing DoS attacks on a Hiawatha server installation? If you don't mind, can you also mention other options to make the server more secure? Thanks for your help.
Prit
11 July 2009, 01:32
I did load testing on the Hiawatha server using a free load testing tool and can clearly see that the BanOnFlooding is working great. I can see the load tester complaining with failed requests and 0 connections. I can also see this in the system.log.

Hiawatha is great. I love it. This will be my preferred server over Apache.
Hugo Leisink
11 July 2009, 10:45
First of all, the security of your web environment mostly depends on your web applications. Make sure those are secure.

Most of the time when your server is being probed for vulnerabilities, it will be done by an automated script which will be using the IP address of your server as the hostname. Give the default website (the website configuration not within a VirtualHost{} block) the IP address as the Hostname and give it an empty page.

Use the garbage logfile to collect misformed HTTP requests. Look at them regularly to see what people/scripts are trying on your webserver.

The BanOnMaxPerIP is nice to reduce the effect of a DoS attack. Of course you never can stop a DoS attack, but you can reduce the load on your server by ignoring the DoS-er.

For the rest, it's try, tweak and audit.


Hiawatha is great. I love it. This will be my preferred server over Apache.

Thanks. And please, spread the word. The only thing Hiawatha is missing is reputation.
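
The settings mentioned in this thread, gathered into one hiawatha.conf fragment as an added example (not part of the original posts and not Hugo's own configuration). The IP address, hostnames, paths and numeric values are constructed placeholders, and the directive names GarbageLogfile and ConnectionsPerIP are assumed from the Hiawatha manual rather than taken from this page, so check them against the man page for your version.

```conf
# Added example. All addresses, paths and numbers are placeholders.

# --- Server-wide settings ---

# Collect malformed HTTP requests here and review the file regularly.
GarbageLogfile = /var/log/hiawatha/garbage.log

# Maximum simultaneous connections a single client IP may hold.
ConnectionsPerIP = 10

# Seconds a client is banned after exceeding ConnectionsPerIP.
BanOnMaxPerIP = 30

# Format: <requests>/<seconds>:<ban seconds>
# Here: more than 10 requests within 1 second bans the client for 15 seconds.
BanOnFlooding = 10/1:15

# --- Default website (not inside a VirtualHost block) ---
# Scripts that probe by IP address land here and get an empty page.
# /var/www/empty contains only an empty index.html.
Hostname = 192.0.2.10
WebsiteRoot = /var/www/empty
StartFile = index.html

# --- The real site, reachable only by its name ---
VirtualHost {
    Hostname = www.example.org
    WebsiteRoot = /var/www/example/public
    StartFile = index.html
}
```

Bans triggered by these settings are reported in the system log, which is where the load test described earlier in the thread showed up.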
Prit
11 July 2009, 10:53
Thanks Hugo. You respond very fast. It's time for me to sleep now.

I will definitely spread the word. I am planning to talk to my community folks and try this server for a very high traffic website.

I will also create some banner and send it to you. Can't promise a great banner as I am more a programmer than a designer. If you like it, I will put that on my websites. You have already done all the hard work of developing. Marketing will definitely follow.
Hugo Leisink
11 July 2009, 10:57
OK, sweet dreams. I just woke up.

I use Hiawatha for several production servers, but they don't have a lot of users per day. Only several hundred. Please, keep me updated about how Hiawatha is doing for your very high traffic website.
This topic has been closed.