You sure it was just an HTTP attack?

Several hundred requests in a few minutes shouldn't really put it
on its knees, unless the server is a VPS with low memory/CPU
usage limits, or the server itself is low on resources.

If you're using Apache, you should check into several modules to
lock down your server. In this case, check out mod_evasive.

Server firewall wise:
I also suggest fail2ban and also CSF
http://configserver.com/cp/csf.html

Also you could try CloudFlare, but I've seen that cause a lot of
problems at the same time. If you have a low traffic web site, I
would suggest it. But if you ever expect a surge of traffic,
CloudFlare could cause you headaches.

Another idea is that if your server is at a datacenter, they can
help on their end also.

On 3/18/2013 2:19 PM, J. Wade Michaelis wrote:

I have a CentOS web server that has recently been brought to
a halt on two separate occasions. Checking the access.log, it
appears that it was a Denial of Service (DOS) attack (hundreds
of HTTP requests in a very short time, all from a single IP
address).

I want to prevent these types of attacks from bringing the
server to its knees. We have a hardware firewall (SonicWall) in
place, but it isn't quite new enough to run the firmware that
allows rate-limiting.

I have found a number of tutorials that show how to do this
type of thing with IPTABLES. Is there a better solution?

Supposing I go with IPTABLES, do I need to include rules to
allow FTP and SSH (the only other services on the server)?

Would any of you be willing to assist me with this?

_______________________________________________
KCLUG mailing list
KCLUG@kclug.org
http://kclug.org/mailman/listinfo/kclug
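
Added example, not part of either message above: a small Python check that measures, from an Apache access log, which client IPs exceed a request threshold inside a sliding time window, which is the pattern the original post describes and a way to get a real number before choosing limits for mod_evasive, fail2ban or iptables. The threshold of 100 requests per 60 seconds, the function names and the log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Leading fields of an Apache common/combined log line: client IP and [timestamp]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_bursts(lines, max_requests=100, window_seconds=60):
    """Return {ip: peak} for clients exceeding max_requests in any
    sliding window of window_seconds (both thresholds are assumptions)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log entry
        ip, raw_ts = m.groups()
        try:
            ts = datetime.strptime(raw_ts, TS_FORMAT)
        except ValueError:
            continue  # malformed timestamp
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def sample_log():
    """Constructed data: one client sending 5 requests/second for a minute,
    one client sending a request every 30 seconds, plus a junk line."""
    start = datetime(2013, 3, 18, 14, 0, 0, tzinfo=timezone(timedelta(hours=-5)))
    def entry(ip, offset):
        ts = (start + timedelta(seconds=offset)).strftime(TS_FORMAT)
        return f'{ip} - - [{ts}] "GET /index.php HTTP/1.1" 200 5120'
    lines = [entry("203.0.113.7", i // 5) for i in range(300)]
    lines += [entry("198.51.100.23", i * 30) for i in range(10)]
    lines.append("this line is not a log entry")
    return lines


if __name__ == "__main__":
    for ip, peak in find_bursts(sample_log()).items():
        print(f"{ip}: {peak} requests within 60 seconds")
```

To run it against a real log, pass an open file object (for example `open("access.log")`) as `lines`; entries must be in chronological order, as Apache writes them.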