tags:
views: 42
answers: 1
Ok, I have a site that serves all images and MP3s through a PHP script, which can be controlled and limited, but I am now worried about the overall bandwidth of my site. For example, what if someone just sends a million requests to one of my pages? Does anyone have any suggestions on server-side methods used to prevent this? Should I use mod_cband?

+2  A: 

What I personally like to do is control access via the firewall as opposed to the webserver, using iptables (Linux only) to prevent individual IPs from starting more than a specified number of connections. It's trial and error, as you need to calculate it right, but overall that should limit the attacker's connection rate:

# create the custom chain before referencing it (the jump below fails otherwise)
iptables -N STOP-ABUSE
iptables -A INPUT -p TCP --dport 80 -m state --state NEW -j STOP-ABUSE
iptables -A STOP-ABUSE -m recent --set
# drop the 3rd (and every later) new connection from one IP within 10 seconds
iptables -A STOP-ABUSE -m recent --update --seconds 10 --hitcount 3 -j DROP

mod_cband is also pretty good (although I stopped using it and kept only the firewall as described above); I reckon a combination of the two approaches will lead to satisfactory results.

Also, I'd suggest you take a look at mod_throttle, as described at the link.

Hope this helps you.

UPDATE: As mentioned in my comment, the firewall and mod_throttle are only available if you have access to them. As you mentioned, you seem to be on a shared environment, so you most likely won't have access to the firewall. A few things could be done, though.

You could enable mod_deflate (check with your host whether it's available first), and also prevent hot-linking (i.e. other websites using your assets such as images and JS). An example of this is:

RewriteEngine On
# both conditions must hold: the referer is not this site (case-insensitive) ...
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
# ... and the referer is not empty (direct requests and stripped referers stay allowed)
RewriteCond %{HTTP_REFERER} !^$
# then refuse the image request with 403 Forbidden
RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]
Marcos Placona
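The hot-linking rules in the answer above, evaluated in Python so the outcome for a given request can be checked without a running Apache. This is an added example, not code from the answer: the regular expressions are the ones in the .htaccess snippet, mod_rewrite's behaviour of AND-ing consecutive RewriteCond lines is modelled by hand, and the sample requests (paths, Referer values, the hostnames mysite.com and forum.example.net) are constructed for illustration.

```python
import re

# Added example (not from the answer): the two RewriteCond lines and the
# RewriteRule from the .htaccess snippet, evaluated in Python. mod_rewrite
# AND-s consecutive RewriteCond lines, so the rule fires only when every
# condition is true.

SITE_REFERER = re.compile(r"^http://(.+\.)?mysite\.com/", re.IGNORECASE)  # [NC]
EMPTY_REFERER = re.compile(r"^$")
PROTECTED_PATH = re.compile(r".*\.(jpe?g|gif|bmp|png)$")  # no [NC]: case-sensitive


def hotlink_decision(path, referer):
    """Return the HTTP status the rules would produce: 403 when the
    RewriteRule's [F] flag fires, otherwise 200 (request passes through)."""
    if not PROTECTED_PATH.match(path):
        return 200  # RewriteRule pattern does not apply to this URL
    not_own_site = not SITE_REFERER.match(referer)  # !^http://(.+\.)?mysite\.com/
    not_empty = not EMPTY_REFERER.match(referer)    # !^$
    return 403 if (not_own_site and not_empty) else 200


# Constructed requests (not real traffic): URL path and Referer header value.
SAMPLES = [
    ("/img/logo.jpg", ""),                                   # typed URL / no referer
    ("/img/logo.jpg", "http://mysite.com/index.html"),       # own site
    ("/img/logo.jpg", "http://WWW.MySite.COM/gallery/"),     # own subdomain, mixed case
    ("/img/logo.jpg", "http://forum.example.net/thread/1"),  # hot-linked from elsewhere
    ("/img/logo.jpg", "https://mysite.com/index.html"),      # own site, but over HTTPS
    ("/music/track.mp3", "http://forum.example.net/"),       # not an image extension
    ("/img/LOGO.PNG", "http://forum.example.net/"),          # upper-case extension
]


def run_samples(samples=SAMPLES):
    """Evaluate every sample and return (path, referer, status) triples."""
    return [(path, referer, hotlink_decision(path, referer)) for path, referer in samples]


if __name__ == "__main__":
    for path, referer, status in run_samples():
        print(status, path, repr(referer))
```

Three of the sample results are worth noticing before copying the snippet: a Referer of https://mysite.com/... is refused because the pattern only allows http://, an .mp3 passes because the RewriteRule lists image extensions only (the question serves MP3s through the same script), and LOGO.PNG passes because the RewriteRule has no [NC] flag. The Referer header is set by the client, so these rules stop browsers embedding your images on other sites, not a deliberate requester who sends an empty or forged Referer. mod_deflate, for its part, compresses text responses; JPEG, PNG and MP3 are already compressed and do not get smaller.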
I am on a virtual server and do not have access to the httpd.conf file, only .htaccess. Are these approaches still viable (including the firewall)?
Scarface
If you have access to the firewall, then yes. In case you don't, I'd say the only things you can do are to add some .htaccess rules, such as using mod_deflate, and to stop hotlinking.
Marcos Placona
Thanks Marcos, I can probably just get the host to install mod_cband or the mod_throttle components. Just to clarify things for myself, you mentioned iptables applied to a firewall. I am kind of new to administration and more of a developer right now, so I ask: can you maybe expand on what you are doing there, for example what document you are modifying, and maybe some references to what commands you are executing in Linux? This will just help me learn. Thanks again, Marcos.
Scarface
In a very simple way, my iptables rules are checking all the incoming connections to port 80, and checking whether any single IP is trying to hit the webserver simultaneously, which in other words would indicate some form of attack. It checks for every 3 simultaneous hits. As I said, it's pretty much trial and error, and depends on your application. iptables is the native firewall on Linux, and a quick Google on the subject will return loads of good resources.
Marcos Placona
Thanks for your time Marcos, appreciate it. +3
Scarface
Glad it helped you.
Marcos Placona
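The "trial and error" part of the iptables approach in the answer and the comment above can be done offline. What follows is an added example, not code from the thread: a Python model of how the kernel's xt_recent match behind `-m recent --set` and `-m recent --update --seconds S --hitcount N` decides, pushed through the same STOP-ABUSE chain order as the answer's rules (--set first, then --update ... -j DROP). The 20-timestamp limit is xt_recent's default `ip_pkt_list_tot`; the traffic (a browser opening four parallel image connections, a flooder opening 200 connections in ten seconds, the addresses 203.0.113.10 and 198.51.100.7) is constructed for the illustration.

```python
from collections import defaultdict, deque

# Added example (not from the answer): a model of the xt_recent match used by
# "-m recent --set" / "--update --seconds S --hitcount N", so S and N can be
# tuned against sample traffic instead of on a live box.

IP_PKT_LIST_TOT = 20  # xt_recent default: timestamps remembered per address


class RecentList:
    """One xt_recent list: address -> ring buffer of 'seen' timestamps."""

    def __init__(self, max_stamps=IP_PKT_LIST_TOT):
        self.entries = defaultdict(lambda: deque(maxlen=max_stamps))

    def set(self, ip, now):
        """-m recent --set: create the entry if needed and record a hit."""
        self.entries[ip].append(now)

    def update(self, ip, seconds, hitcount, now):
        """-m recent --update --seconds S --hitcount N.
        Matches when the address has at least N stamps within the last S
        seconds; on a match the timestamp is refreshed (one more stamp)."""
        stamps = self.entries.get(ip)
        if stamps is None:
            return False
        hits = sum(1 for s in stamps if s >= now - seconds)
        if hits >= hitcount:
            stamps.append(now)
            return True
        return False


def simulate(connections, seconds, hitcount):
    """Push NEW connections (ip, t_seconds) through the STOP-ABUSE chain from
    the answer (--set, then --update ... -j DROP); return {ip: (accepted, dropped)}."""
    if hitcount > IP_PKT_LIST_TOT:
        # the kernel rejects a rule whose hitcount exceeds ip_pkt_list_tot,
        # since that many stamps can never be stored; mirror that here
        raise ValueError("hitcount larger than ip_pkt_list_tot")
    table = RecentList()
    counts = defaultdict(lambda: [0, 0])
    for ip, t in sorted(connections, key=lambda c: c[1]):
        table.set(ip, t)
        if table.update(ip, seconds, hitcount, t):
            counts[ip][1] += 1  # -j DROP
        else:
            counts[ip][0] += 1  # no match: back to INPUT, connection accepted
    return {ip: (a, d) for ip, (a, d) in counts.items()}


# Constructed sample traffic (not captured from a real server): a browser
# rendering one page opens 4 parallel connections for its images within a
# third of a second; a flooder opens 200 connections in 10 seconds.
BROWSER = [("203.0.113.10", 0.1 * i) for i in range(4)]
FLOOD = [("198.51.100.7", 0.05 * i) for i in range(200)]

if __name__ == "__main__":
    for hc in (3, 15):
        print(f"--seconds 10 --hitcount {hc}:",
              simulate(BROWSER + FLOOD, seconds=10, hitcount=hc))
```

With the answer's values (10 seconds, hitcount 3) the flooder gets two connections through and loses the other 198, but the ordinary browser loses its third and fourth image connections as well; with hitcount 15 the browser is untouched and the flooder still loses 186 of 200. Two properties of the real rules carry over from the model: each dropped SYN the client retransmits is itself a NEW packet that hits `--set`, so a client that crosses the threshold keeps extending its own block while it retries; and `--hitcount` cannot exceed the module's `ip_pkt_list_tot`, so a threshold above 20 needs that parameter raised when the module is loaded.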