Discussion in 'Install/Configuration' started by Joeybe11, Jul 9, 2007.
What is the best configuration for maximum DDoS protection?
Please take a look at
I noticed this page is gone. Is it taken down?
moved to http://www.litespeedtech.com/how-tos.html#qa_dos
values for the config?
ok. i set some settings and i tried red lining some of the values for what i thought they should be. i can ddos my site with three ips making requests.....maybe you can provide some values in here that find work good?
i have tried playing with each setting listed in that link and nothing seems to work.
request on server
also if you think your configuration is good maybe i can try and ddos your server for like 5 seconds to see if my ddos is to good for this software.
you probably won't go for this though.
Some features like request rate limits are only available for enterprise license.
so does that mean that 3 machines can take down the server? give me the bottom line here. do i need an enterprise edition to stop a ddos or what?
i have been putzing around with this because there is next to no solid "your new to this" documentation. i have called and tried to get a simple answer as to whether is really installed or not and i can't seem to even get an answer as to know definitely if its installed and working in place of apache.
im about 2 steps from giving up and saying F it as i have spent 20 hours on this already.
what do i have to do to ddos proof my server.
When properly configured, 3 machine cannot take down the server.
For best DDoS protection, please apply a trial key of LSWS enterprise.
Besides LSWS configuration, your linux kernel need to be configured properly as well.
level of attack
what kind of attack will it withstand? will it withstand a moderate one?
Yes, it should, you need to use it together with iptables to block offending IPs.
A user review
ok. are there specific configurations values for specific fields that should be set for this to prevent ddos. p.s. my site is http://www.hosty.net in case it helps. currently its setup with a port offset of 1000.
Static Requests/Second 20
Dynamic Requests/Second 1
Connection Soft Limit 10
Connection Hard Limit 20
Grace Period (sec) 30
Banned Period (sec) 300
Request rate limit is only available in Enterprise edition.
port offset and no mapping
ok great. thanks for that info. it appears im having a larger problem.
this is where im at:
i have it installed with a 1000 port offset and can view port 1080 as the server but it shows the litespeed httpd page and 7080 is the admin page which works fine. the links work ok for hello world etc on the lsws httpd page for when i go to hosty.net:1080 or myipaddress:1080. im guessing it should be mapping to the domain name you request when you do http://hosty.net:1080 right? it gives me the litespeed page.
1) i think i have to add listeners to fix this problem. is this correct?
2_ i have like several hundred people though. is there any one configuration that will handle this automagically?
3) also to wrap it all up, once i get that i think i just need to change the port offset, stop apache and restart lsws. am i way off base here?
i have never done anything like this before.
thanks so much for your help in advance. im exited to try out your product.
Are you using a hosting control panel? which one? Please follow the respective tutorial in our wiki.
If Apache configuration has been loaded successfully, it should show the correct page.
Maybe you set the default listener to port 1080, you should remove that listener.
ok i removed the listener. then the httpd page stopped showing up. so i removed the virtual host. then the httpd page came back up but now none of the links work. so now there are no listeners and no virtual hosts.
i want to test this before cutting it over. to the correct port. thats why i set it to port 1080. i have followed the directions to the T about 10 times.
Can you PM me the LSWS web console login?
Are you using cPanel?
The problem with your Apache httpd.conf is that domain name has been used for the vhost configuration, like "<VirtualHost domain_name:80>", LSWS need "<VirtualHost IP:80>", so you will find following messages in error log.
should i make the virtual hosts in litespeed or in the file?
Separate names with a comma.