Knowledgebase
Knowledgebase
Portal Home > Knowledgebase > Articles Database > CSF + HTTP Flood
CSF + HTTP Flood
Posted by HostingFields, 03-02-2010, 01:24 PM Hello, In past 2 days i am having my server hit with HTTP FLOOD. LFD + CSF is automatically blocking floods, but, even with CSF they make Apache inaccessible for couple of minutes or so. What i found out that, this floods are coming usually from Thailand, ADSL (Dynamic IP provider). How could i block only this provider (fully) on CSF ? i Attached sample of LFD reports that i get on my email during this attack. I know that in CSF i can block Countries, but i am not sure that would be wise to do, since it blocks really lots of IP classes (not sure if that 100% is valid, only China, Japan for example) ?? Please advise, s-f-r-j Attached Thumbnails
Posted by esupports, 03-02-2010, 03:36 PM Hello, We cannot do it by editing csf configuration. By csf, we can block connections from an entire country. But could not block like you said. It can be possible through a simple shell script if lfd log is available.
Posted by @Matt, 03-02-2010, 04:58 PM I would check to see what your apache settings are set at for the number of allowed connections. You sure that your csf rules are strict enough?
Posted by HostingFields, 03-02-2010, 06:17 PM hi, can u pls be more specific (explain better) what you are talking about, and/or provide a sample if possible? thanks hi, i have set max connections in apache to 1000 - csf setting is set to 150 , where csf checks every 15 secs for established connections. Would you recommend anything different? thank you, s-f-r-j
Add to Favourites 
Print this Article
Also Read
