Forum Discussion

Nimbostratus

Jun 22, 2009

Apache DOS and LTMs.

Hello, Past week, the ISC team published some articles saying that there was some risk of DOS in Apache Servers: http://isc.sans.org/diary.html?storyid=6601 http://isc.san...

config

design

hwidjaja_37598

Altostratus

Jun 23, 2009

I think your apache servers behind BIG-IP are not affected. BIG-IP has Adaptive Reaping to protect DOS attack. Even though slowloris is not a TCP DoS but the equivalent of a SYN flood over HTTP, I believe this reaper will protect BIG-IP and the server behind from this attack. When BIG-IP starts running out of resource, it will begin closing idle connection.

Like what Aaron has mentioned earlier, using http vip would minimize the server impact.

References:

SOL4611: Overview of Adaptive Reaping (Click here):

The adaptive reapers are a DoS prevention measure and a function of available memory. As memory usage on the unit increases and additional SYNs are received, the BIG-IP system reacts to the excessive memory usage by closing idle connections

SOL7301: Protecting the BIG-IP LTM against denial of service attacks (Click here):

The BIG-IP system to remove connections from its connection table when the connection load surpasses a defined percentage of memory usage.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)