Best configuration for DDoS protection?

Discussion in 'Install/Configuration' started by Joeybe11, Jul 9, 2007.

  1. Joeybe11

    Joeybe11 Member

    What is the best configuration for maximum DDoS protection?
    Last edited: Jul 9, 2007
  2. mistwang

    mistwang LiteSpeed Staff

  3. DJ XtAzY

    DJ XtAzY Active Member

  4. mistwang

    mistwang LiteSpeed Staff

  5. values for the config?


    ok. i set some settings and i tried red lining some of the values for what i thought they should be. i can ddos my site with three ips making requests.....maybe you can provide some values in here that find work good?

    i have tried playing with each setting listed in that link and nothing seems to work.

  6. request on server


    also if you think your configuration is good maybe i can try and ddos your server for like 5 seconds to see if my ddos is to good for this software.

    you probably won't go for this though.

  7. mistwang

    mistwang LiteSpeed Staff

    Some features like request rate limits are only available for enterprise license.
  8. so does that mean that 3 machines can take down the server? give me the bottom line here. do i need an enterprise edition to stop a ddos or what?

    i have been putzing around with this because there is next to no solid "your new to this" documentation. i have called and tried to get a simple answer as to whether is really installed or not and i can't seem to even get an answer as to know definitely if its installed and working in place of apache.

    im about 2 steps from giving up and saying F it as i have spent 20 hours on this already.

    what do i have to do to ddos proof my server.
  9. mistwang

    mistwang LiteSpeed Staff

    When properly configured, 3 machine cannot take down the server.
    For best DDoS protection, please apply a trial key of LSWS enterprise.
    Besides LSWS configuration, your linux kernel need to be configured properly as well.
  10. level of attack

    what kind of attack will it withstand? will it withstand a moderate one?
    kevin quinn
  11. mistwang

    mistwang LiteSpeed Staff

  12. actual config


    ok. are there specific configurations values for specific fields that should be set for this to prevent ddos. p.s. my site is in case it helps. currently its setup with a port offset of 1000.

    kevin quinn
  13. mistwang

    mistwang LiteSpeed Staff

    Static Requests/Second 20
    Dynamic Requests/Second 1
    Connection Soft Limit 10
    Connection Hard Limit 20
    Grace Period (sec) 30
    Banned Period (sec) 300

    Request rate limit is only available in Enterprise edition.
  14. port offset and no mapping


    ok great. thanks for that info. it appears im having a larger problem.

    this is where im at:
    i have it installed with a 1000 port offset and can view port 1080 as the server but it shows the litespeed httpd page and 7080 is the admin page which works fine. the links work ok for hello world etc on the lsws httpd page for when i go to or myipaddress:1080. im guessing it should be mapping to the domain name you request when you do right? it gives me the litespeed page.

    1) i think i have to add listeners to fix this problem. is this correct?

    2_ i have like several hundred people though. is there any one configuration that will handle this automagically?

    3) also to wrap it all up, once i get that i think i just need to change the port offset, stop apache and restart lsws. am i way off base here?

    i have never done anything like this before.

    thanks so much for your help in advance. im exited to try out your product.

    kevin quinn
    Last edited: Feb 25, 2008
  15. mistwang

    mistwang LiteSpeed Staff

    Are you using a hosting control panel? which one? Please follow the respective tutorial in our wiki.
    If Apache configuration has been loaded successfully, it should show the correct page.
    Maybe you set the default listener to port 1080, you should remove that listener.
  16. removed listners


    ok i removed the listener. then the httpd page stopped showing up. so i removed the virtual host. then the httpd page came back up but now none of the links work. so now there are no listeners and no virtual hosts.

    i want to test this before cutting it over. to the correct port. thats why i set it to port 1080. i have followed the directions to the T about 10 times.

    kevin quinn
  17. mistwang

    mistwang LiteSpeed Staff

    Can you PM me the LSWS web console login?
  18. mistwang

    mistwang LiteSpeed Staff

    Are you using cPanel?
  19. mistwang

    mistwang LiteSpeed Staff

    The problem with your Apache httpd.conf is that domain name has been used for the vhost configuration, like "<VirtualHost domain_name:80>", LSWS need "<VirtualHost IP:80>", so you will find following messages in error log.
  20. changes


    should i make the virtual hosts in litespeed or in the file?


Share This Page