Under HTTP Get Attack

Discussion in 'General' started by jayjaybaby, Aug 28, 2008.

  1. jayjaybaby

    jayjaybaby Active Member


    I am running the latest version of Litespeed enterprise.

    My forums are getting hit with HTTP get requests at a rate of about 100 requests a second.

    Now Litespeed and everything else is fine, it is just that PHP is getting pounded and everything slows down because of it. I have tried the access denied directorys (didnt work for some reason), I also have CSF and DDoS Deflate installed and they ban IPs but the attack seems to never stop. I checked via ssh and there is about 200 ips connected to my server. Does anyone have any advice on this? Reccomended throttling settings, phpsuexec settings etc and most importantly how can I "mitigate" this http get flood?

  2. mistwang

    mistwang LiteSpeed Staff

  3. jayjaybaby

    jayjaybaby Active Member

  4. mistwang

    mistwang LiteSpeed Staff

    It is not that important, you can set it to any value you like. You should consider the average size of the pages on your site.
  5. anewday

    anewday Moderator

    Does TCP syn attack/flood target HTTP only or mostly?

    Another person said the following helped them with ddos.

    iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j DROP
    If I'm not mistaken, is that similar to the Requests/s throttling in Litespeed?
    Last edited: Dec 10, 2008
  6. mistwang

    mistwang LiteSpeed Staff

    It is to limit number of SYN packets per second at firewall, yes, it should be helpful in addition to throttling in LiteSpeed. Those two are complimentary, not the same.
  7. anewday

    anewday Moderator

    Edited post above. So, SYN attacks target http most of the time? What would you suggest limit per second and burst? :)

Share This Page