| Qmpeltaty 
 
 
 Joined: 06 Feb 2008
 Posts: 182
 Location: Poland
 
 | 
|  Posted: Thu 24 Oct '13 16:45    Post subject: Protect Apache against constant F5 |   |  
| 
 |  
| Today I was informed that some of the Apache instances are vulnerable when serving content while a client is constantly pressing the F5 button in the browser - once it is pressed, CPU load increases, the page becomes slow, etc. (it's dynamic content served by back-end Tomcats). At the same time I see errors with the connection between Apache and the Tomcat instances. 
 Is there any good way to protect Apache against it?
 |  | 
| James Blond Moderator
 
  
 Joined: 19 Jan 2006
 Posts: 7442
 Location: EU, Germany, Next to Hamburg
 
 |  | 
| Qmpeltaty 
 
 
 Joined: 06 Feb 2008
 Posts: 182
 Location: Poland
 
 | 
|  Posted: Thu 24 Oct '13 17:56    Post subject: |   |  
| 
 |  
| 
 mod_bw or mod_ratelimit? I don't want to limit the bandwidth, just prevent F5 refresh abuse - I just want to prevent refreshing the same page more than once per second/few seconds.
 |  | 
| glsmith Moderator
 
  
 Joined: 16 Oct 2007
 Posts: 2268
 Location: Sun Diego, USA
 
 | 
|  Posted: Thu 24 Oct '13 20:17    Post subject: |   |  
| 
 |  
| I think mod_evasive would help best here, but if set with too low a threshold, it will not distinguish between someone hammering the F5 key and just serving normal content. |  | 
| Qmpeltaty 
 
 
 Joined: 06 Feb 2008
 Posts: 182
 Location: Poland
 
 | 
|  Posted: Fri 25 Oct '13 11:05    Post subject: |   |  
| 
 |  
| glsmith wrote: | I think mod_evasive would help best here, but if set with too low a threshold, it will not distinguish between someone hammering the F5 key and just serving normal content. | 
 
 Yes, you are absolutely right. The hardest part is to determine a threshold properly. Is there any way I could measure the requests/sec based on IP address?
 
 Question: is it possible to use mod_evasive from Apache Haus https://www.apachehaus.net/modules/mod_evasive2/ built with VC 2008 SP1 x64 with the Apache Lounge Apache V10 distro?
 |  | 
| glsmith Moderator
 
  
 Joined: 16 Oct 2007
 Posts: 2268
 Location: Sun Diego, USA
 
 | 
|  Posted: Fri 25 Oct '13 21:57    Post subject: |   |  
| 
 |  
| Q1: Don't know offhand. 
 Q2: From what I understand, VC10 is supposed to be able to use VC9 modules without problems.
 |  | 
| Qmpeltaty 
 
 
 Joined: 06 Feb 2008
 Posts: 182
 Location: Poland
 
 | 
|  Posted: Mon 28 Oct '13 10:06    Post subject: |   |  
| 
 |  
| glsmith wrote: | Q1: Don't know offhand. 
 Q2: From what I understand, VC10 is supposed to be able to use VC9 modules without problems.
 | 
 
 Is VC9 an equivalent name for VC 2008?
 |  | 
| James Blond Moderator
 
  
 Joined: 19 Jan 2006
 Posts: 7442
 Location: EU, Germany, Next to Hamburg
 
 | 
|  Posted: Mon 28 Oct '13 11:28    Post subject: |   |  
| 
 |  
| Qmpeltaty wrote: | 
 Is VC9 an equivalent name for VC 2008?
 | 
 
 Yes it is.
 |  | 
| Qmpeltaty 
 
 
 Joined: 06 Feb 2008
 Posts: 182
 Location: Poland
 
 | 
|  Posted: Mon 28 Oct '13 14:50    Post subject: |   |  
| 
 |  
| James Blond wrote: | Qmpeltaty wrote: | 
 Is VC9 an equivalent name for VC 2008?
 | 
 
 Yes it is.
 | 
 
 Thank you Steffen. Is there any other way to determine mod_evasive thresholds than by preparing statistics based on the access log?
 |  | 
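The per-IP requests/sec measurement asked about in the thread can be taken from the access log. The script below is an added example, not part of the original posts and not mod_evasive code: it reports each client's peak same-page and peak total request counts per interval, and lists which clients a candidate pair of thresholds (mod_evasive's DOSPageCount and DOSSiteCount) would have caught. It assumes the common/combined log format, uses fixed time windows as an approximation, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Prefix of the common/combined log format: client IP, [timestamp], "METHOD URI ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*"')

def peak_rates(lines, page_interval=1, site_interval=1):
    """Map each IP to (peak hits on one URI per page_interval seconds,
    peak hits on any URI per site_interval seconds), using fixed windows."""
    page_hits, site_hits = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, uri = m.groups()
        epoch = int(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp())
        path = uri.split("?", 1)[0]  # assumption: count per path, ignore query string
        page_hits[(ip, path, epoch // page_interval)] += 1
        site_hits[(ip, epoch // site_interval)] += 1
    peaks = {}
    for (ip, _path, _win), n in page_hits.items():
        peaks[ip] = (max(peaks.get(ip, (0, 0))[0], n), 0)
    for (ip, _win), n in site_hits.items():
        peaks[ip] = (peaks[ip][0], max(peaks[ip][1], n))
    return peaks

def would_trip(peaks, page_count, site_count):
    """IPs whose observed peak reaches a candidate page or site threshold."""
    return sorted(ip for ip, (page, site) in peaks.items()
                  if page >= page_count or site >= site_count)

# Constructed sample: one visitor loading a page with its assets, then the page
# again 8 seconds later, and one client refreshing the same page 6 times in a second.
_FMT = '%s - - [24/Oct/2013:16:45:%s +0200] "GET %s HTTP/1.1" 200 512'
SAMPLE_LOG = (
    [_FMT % ("192.0.2.10", "01", u)
     for u in ("/app/report.jsp", "/css/site.css", "/js/app.js")]
    + [_FMT % ("192.0.2.10", "09", "/app/report.jsp")]
    + [_FMT % ("198.51.100.7", "02", "/app/report.jsp?id=1")] * 6
)

if __name__ == "__main__":
    peaks = peak_rates(SAMPLE_LOG)
    for ip, (page, site) in sorted(peaks.items()):
        print(f"{ip}: peak same-page {page}/s, peak total {site}/s")
    print("tripped at page=2, site=50:", would_trip(peaks, 2, 50))
```

Running it over a day of real traffic with several candidate values shows how many ordinary visitors each setting would block, which is the false-positive risk glsmith describes.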