{"id":164,"date":"2011-01-26T11:09:04","date_gmt":"2011-01-26T11:09:04","guid":{"rendered":"http:\/\/blogs.silicontechnix.com\/?p=164"},"modified":"2011-01-26T11:09:04","modified_gmt":"2011-01-26T11:09:04","slug":"preventing-layer-7-ddos-attacks-on-a-service","status":"publish","type":"post","link":"https:\/\/blogs.silicontechnix.com\/?p=164","title":{"rendered":"Preventing Layer 7 DDoS Attacks on a Service"},"content":{"rendered":"<p>You might have heard about application\u2010level <a href=\"http:\/\/en.wikipedia.org\/wiki\/Denial-of-service_attack\">DDoS (Distributed Denial of Service) attacks<\/a> on websites such as Twitter, Facebook and Wikileaks. Usually these kinds of attacks involve a large number of HTTP\/HTTPS requests to a specific part of the website that could potentially eat up all the resources of the server, resulting in unresponsive behavior from the web server.<\/p>\n<p>There are already some tools available to shut down any website and make it unreachable for legitimate users.<\/p>\n<p>Looking at the technique used to perform this attack, the tool sends about 10 long HTTP\/HTTPS requests per second until it reaches the bandwidth or connection limits of the hosts or networking equipment, taking them offline.<\/p>\n<p>Now the question is: how can we stop this attack? What are the preventive measures against Layer 7 DDoS?<\/p>\n<p>First of all, we start by limiting the traffic using the <strong>hashlimit<\/strong> module of <strong>iptables<\/strong>. 
This module can be used to allow just a certain number of packets per minute:<\/p>\n<pre class=\"brush: bash;\">iptables -A INPUT -p tcp --dport 80 -m hashlimit --hashlimit-upto 50\/min --hashlimit-burst 20 --hashlimit-mode srcip --hashlimit-name http -j ACCEPT<\/pre>\n<pre class=\"brush: bash;\">iptables -A INPUT -p tcp --dport 80 -j DROP<\/pre>\n<p>where <strong>&quot;--hashlimit-burst 20&quot;<\/strong> is the burst limit, which you can adjust as per your requirements. Note that these rules count every packet sent to port 80, not just new connections, so set the rate and burst high enough for legitimate clients.<\/p>\n<p>Also, with Apache you can add the <a class=\"litmus_validated_good\" href=\"http:\/\/httpd.apache.org\/docs\/2.2\/mod\/mod_reqtimeout.html\" target=\"_blank\">mod_reqtimeout module<\/a>. This module can set various timeouts for receiving the request headers and the request body from the client.<\/p>\n<p>\n\tHope this helps&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You might have heard about application\u2010level DDoS (Distributed Denial of Service) attacks on websites such as Twitter, Facebook and Wikileaks. 
Usually these kinds of attacks involve a large number of HTTP\/HTTPS requests to a specific part of the website that could potentially eat up all the resources of the server, resulting in unresponsive behavior from the web [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_s2mail":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[16,17],"tags":[69,72,70,73,71,480,74,75],"class_list":["post-164","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-apache","tag-attack","tag-ddos","tag-iptables","tag-layer7","tag-security","tag-web-server","tag-website"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p12j6H-2E","_links":{"self":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts\/164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=164"}],"version-history":[{"count":6,"href":"https:\/\/blogs.silicontechnix.com\/inde
x.php?rest_route=\/wp\/v2\/posts\/164\/revisions"}],"predecessor-version":[{"id":170,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=\/wp\/v2\/posts\/164\/revisions\/170"}],"wp:attachment":[{"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.silicontechnix.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}