Best configuration for DDoS protection?

#5
values for the config?

hi,

ok. i set some settings and i tried red lining some of the values for what i thought they should be. i can ddos my site with three ips making requests.....maybe you can provide some values in here that find work good?

i have tried playing with each setting listed in that link and nothing seems to work.

thehoodedcoder
 
#6
request on server

hi,

also if you think your configuration is good maybe i can try and ddos your server for like 5 seconds to see if my ddos is to good for this software.

you probably won't go for this though.

thehoodedcoder
 
#8
so does that mean that 3 machines can take down the server? give me the bottom line here. do i need an enterprise edition to stop a ddos or what?

i have been putzing around with this because there is next to no solid "your new to this" documentation. i have called and tried to get a simple answer as to whether is really installed or not and i can't seem to even get an answer as to know definitely if its installed and working in place of apache.

im about 2 steps from giving up and saying F it as i have spent 20 hours on this already.

what do i have to do to ddos proof my server.
 

mistwang

LiteSpeed Staff
#9
When properly configured, 3 machine cannot take down the server.
For best DDoS protection, please apply a trial key of LSWS enterprise.
Besides LSWS configuration, your linux kernel need to be configured properly as well.
 

mistwang

LiteSpeed Staff
#13
Static Requests/Second 20
Dynamic Requests/Second 1
Connection Soft Limit 10
Connection Hard Limit 20
Grace Period (sec) 30
Banned Period (sec) 300

Request rate limit is only available in Enterprise edition.
 
#14
port offset and no mapping

hi,

ok great. thanks for that info. it appears im having a larger problem.

this is where im at:
------------------
i have it installed with a 1000 port offset and can view port 1080 as the server but it shows the litespeed httpd page and 7080 is the admin page which works fine. the links work ok for hello world etc on the lsws httpd page for when i go to hosty.net:1080 or myipaddress:1080. im guessing it should be mapping to the domain name you request when you do http://hosty.net:1080 right? it gives me the litespeed page.

1) i think i have to add listeners to fix this problem. is this correct?

2_ i have like several hundred people though. is there any one configuration that will handle this automagically?

3) also to wrap it all up, once i get that i think i just need to change the port offset, stop apache and restart lsws. am i way off base here?

i have never done anything like this before.

thanks so much for your help in advance. im exited to try out your product.

kevin quinn
 
Last edited:

mistwang

LiteSpeed Staff
#15
Are you using a hosting control panel? which one? Please follow the respective tutorial in our wiki.
If Apache configuration has been loaded successfully, it should show the correct page.
Maybe you set the default listener to port 1080, you should remove that listener.
 
#16
removed listners

hi,

ok i removed the listener. then the httpd page stopped showing up. so i removed the virtual host. then the httpd page came back up but now none of the links work. so now there are no listeners and no virtual hosts.

i want to test this before cutting it over. to the correct port. thats why i set it to port 1080. i have followed the directions to the T about 10 times.

kevin quinn
 

mistwang

LiteSpeed Staff
#19
The problem with your Apache httpd.conf is that domain name has been used for the vhost configuration, like "<VirtualHost domain_name:80>", LSWS need "<VirtualHost IP:80>", so you will find following messages in error log.
Configuration for virtual Host [ServerName the_doamin_name.com] has been ignored.
 
Top