Under HTTP Get Attack

[jayjaybaby]

Hello,


I am running the latest version of Litespeed enterprise.

My forums are getting hit with HTTP get requests at a rate of about 100 requests a second.

Now Litespeed and everything else is fine, it is just that PHP is getting pounded and everything slows down because of it. I have tried the access denied directorys (didnt work for some reason), I also have CSF and DDoS Deflate installed and they ban IPs but the attack seems to never stop. I checked via ssh and there is about 200 ips connected to my server. Does anyone have any advice on this? Reccomended throttling settings, phpsuexec settings etc and most importantly how can I "mitigate" this http get flood?


Regards

 

[mistwang]

try

http://www.litespeedtech.com/how-tos.html#qa_dos

 

[jayjaybaby]

try

http://www.litespeedtech.com/how-tos.html#qa_dos

What is the recommended setting for outbound bandwidth?



Regards

 

[mistwang]

It is not that important, you can set it to any value you like. You should consider the average size of the pages on your site.

 

[anewday]

Does TCP syn attack/flood target HTTP only or mostly?

Another person said the following helped them with ddos.

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j DROP

If I'm not mistaken, is that similar to the Requests/s throttling in Litespeed?

 

[mistwang]

It is to limit number of SYN packets per second at firewall, yes, it should be helpful in addition to throttling in LiteSpeed. Those two are complimentary, not the same.

 

[anewday]

Edited post above. So, SYN attacks target http most of the time? What would you suggest limit per second and burst?