Rule of thumb for settings anti-DOS parameters in Apache for web appHow to best defend against a “slowloris” DOS attack against an Apache web server?Apache: What is the best anti Denial of Service module and caching combination for a penny auction site?How to make a certain web app on Apache server to use different proxy for downloading?Apache problems in performance test with mod_reqtimeoutCyclos4 - Apache as frontend for a Tomcat appnginx reverse proxy for Apache and a Node appReducing Apache Memory usage and Average Process Size Valuesnort rule for rdp dos attackApache case Insensitive mod_rewrite for single ruleHardening TLS web server Apache settings

How to get cool night-vision without lame drawbacks?

Should developer taking test phones home or put in office?

Can ADFS connect to other SSO services?

Hand soldering SMD 1206 components

Underbar nabla symbol doesn't work

Cascading Repair Costs following Blown Head Gasket on a 2004 Subaru Outback

C-152 carb heat on before landing in hot weather?

Has there been any indication at all that further negotiation between the UK and EU is possible?

Why did pressing the joystick button spit out keypresses?

Find the probability that the 8th woman to appear is in 17th position.

What reason would an alien civilization have for building a Dyson Sphere (or Swarm) if cheap Nuclear fusion is available?

Is a single radon-daughter atom in air a solid?

Are there any efficient algorithms to solve longest path problem in networks with cycles?

How does a blind passenger not die, if driver becomes unconscious

Why doesn't a marching band have strings?

Why do textbooks often include the solutions to odd or even numbered problems but not both?

Intuition for capacitors in series

3D Crossword, Cryptic, Statue View & Maze

How much will studying magic in an academy cost?

In the Marvel universe, can a human have a baby with any non-human?

Is there a way to split the metadata to custom folders?

What's currently blocking the construction of the wall between Mexico and the US?

What does "play with your toy’s toys" mean?

How can I politely work my way around not liking coffee or beer when it comes to professional networking?



Rule of thumb for settings anti-DOS parameters in Apache for web app


How to best defend against a “slowloris” DOS attack against an Apache web server?Apache: What is the best anti Denial of Service module and caching combination for a penny auction site?How to make a certain web app on Apache server to use different proxy for downloading?Apache problems in performance test with mod_reqtimeoutCyclos4 - Apache as frontend for a Tomcat appnginx reverse proxy for Apache and a Node appReducing Apache Memory usage and Average Process Size Valuesnort rule for rdp dos attackApache case Insensitive mod_rewrite for single ruleHardening TLS web server Apache settings






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








0















I have Apache 2.4 running on a Windows 10 server, listening to connections from the Internet. This Apache instance serves an in-house PHP application. The PHP application connects to a local database and feeds data to a few mobile clients in JSON format. The data fed to the clients is mostly textual, but there are some word/excel/other documents as well.



The Apache security guide recommends to set the following parameters to help prevent DOS attacks:



  • KeepAlive

  • KeepAliveTimeout

  • LimitRequestBody

  • LimitRequestFields

  • LimitRequestFieldSize

  • LimitRequestLine

  • LimitXMLRequestBody

  • MaxClients

  • MaxKeepAliveRequests

  • MaxRequestWorkers

  • RequestReadTimeout

  • TimeOut

Considering the above scenario and a maximum number of 50 concurrent users, what would be the optimal settings for the above parameters?






apache-2.4 denial-of-service server-settings







share|improve this question






























    0















    I have Apache 2.4 running on a Windows 10 server, listening to connections from the Internet. This Apache instance serves an in-house PHP application. The PHP application connects to a local database and feeds data to a few mobile clients in JSON format. The data fed to the clients is mostly textual, but there are some word/excel/other documents as well.



    The Apache security guide recommends to set the following parameters to help prevent DOS attacks:



    • KeepAlive

    • KeepAliveTimeout

    • LimitRequestBody

    • LimitRequestFields

    • LimitRequestFieldSize

    • LimitRequestLine

    • LimitXMLRequestBody

    • MaxClients

    • MaxKeepAliveRequests

    • MaxRequestWorkers

    • RequestReadTimeout

    • TimeOut

    Considering the above scenario and a maximum number of 50 concurrent users, what would be the optimal settings for the above parameters?






    apache-2.4 denial-of-service server-settings







    share|improve this question


























      0












      0








      0








      I have Apache 2.4 running on a Windows 10 server, listening to connections from the Internet. This Apache instance serves an in-house PHP application. The PHP application connects to a local database and feeds data to a few mobile clients in JSON format. The data fed to the clients is mostly textual, but there are some word/excel/other documents as well.



      The Apache security guide recommends to set the following parameters to help prevent DOS attacks:



      • KeepAlive

      • KeepAliveTimeout

      • LimitRequestBody

      • LimitRequestFields

      • LimitRequestFieldSize

      • LimitRequestLine

      • LimitXMLRequestBody

      • MaxClients

      • MaxKeepAliveRequests

      • MaxRequestWorkers

      • RequestReadTimeout

      • TimeOut

      Considering the above scenario and a maximum number of 50 concurrent users, what would be the optimal settings for the above parameters?






      apache-2.4 denial-of-service server-settings







      share|improve this question
















      I have Apache 2.4 running on a Windows 10 server, listening to connections from the Internet. This Apache instance serves an in-house PHP application. The PHP application connects to a local database and feeds data to a few mobile clients in JSON format. The data fed to the clients is mostly textual, but there are some word/excel/other documents as well.



      The Apache security guide recommends to set the following parameters to help prevent DOS attacks:



      • KeepAlive

      • KeepAliveTimeout

      • LimitRequestBody

      • LimitRequestFields

      • LimitRequestFieldSize

      • LimitRequestLine

      • LimitXMLRequestBody

      • MaxClients

      • MaxKeepAliveRequests

      • MaxRequestWorkers

      • RequestReadTimeout

      • TimeOut

      Considering the above scenario and a maximum number of 50 concurrent users, what would be the optimal settings for the above parameters?






      apache-2.4 denial-of-service server-settings




      apache-2.4 denial-of-service server-settings






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jun 6 at 20:44









      kubanczyk

      10.9k4 gold badges30 silver badges46 bronze badges




      10.9k4 gold badges30 silver badges46 bronze badges










      asked Jun 6 at 19:41









      SteveSteve

      1114 bronze badges




      1114 bronze badges




















          0






          active

          oldest

          votes














          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "2"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f970446%2frule-of-thumb-for-settings-anti-dos-parameters-in-apache-for-web-app%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Server Fault!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f970446%2frule-of-thumb-for-settings-anti-dos-parameters-in-apache-for-web-app%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          RemoteApp sporadic failureWindows 2008 RemoteAPP client disconnects within a matter of minutesWhat is the minimum version of RDP supported by Server 2012 RDS?How to configure a Remoteapp server to increase stabilityMicrosoft RemoteApp Active SessionRDWeb TS connection broken for some users post RemoteApp certificate changeRemote Desktop Licensing, RemoteAPPRDS 2012 R2 some users are not able to logon after changed date and time on Connection BrokersWhat happens during Remote Desktop logon, and is there any logging?After installing RDS on WinServer 2016 I still can only connect with two users?RD Connection via RDGW to Session host is not connecting

          Image
          Can I use my laptop, which says 100-240V, in the USA? Definition of Newton's first law Why did the ICC decide not to probe alleged US atrocities in Afghanistan? Is there ever any indication in the MCU as to how Spider-Man got his powers? Should pressure only be applied at the top of a pastry bag? How did Thanos not realise this had happened at the end of Endgame? On studying Computer Science vs. Software Engineering to become a proficient coder Why does the Earth follow an elliptical trajectory rather than a parabolic one? What's the word for the soldier salute? Why not just directly invest in the holdings of an ETF? Can a tourist shoot a gun in the USA? Why in a Ethernet LAN, a packet sniffer can obtain all packets sent over the LAN? What is Plautus’s pun about frustum and frustrum? Extrude the faces of a cube symmetrically along XYZ Why does my circuit work on a breadboard, but not on a perfboard? I am new to soldering How do I tell my supervisor...
          Read more

          How to write a 12-bar blues melodyI-IV-V blues progressionHow to play the bridges in a standard blues progressionHow does Gdim7 fit in C# minor?question on a certain chord progressionMusicology of Melody12 bar blues, spread rhythm: alternative to 6th chord to avoid finger stretchChord progressions/ Root key/ MelodiesHow to put chords (POP-EDM) under a given lead vocal melody (starting from a good knowledge in music theory)Are there “rules” for improvising with the minor pentatonic scale over 12-bar shuffle?Confusion about blues scale and chords

          Image
          Why is a set not a partition of itself? Would an 8% reduction in drag outweigh the weight addition from this custom CFD-tested winglet? Labeling matrices/rectangles and drawing Sigma inside rectangle Unexpected Netflix account registered to my Gmail address - any way it could be a hack attempt? 51% attack - apparently very easy? refering to CZ's "rollback btc chain" - How to make sure such corruptible scenario can never happen so easily? Missouri raptors have wild hairdos Can someone explain homicide-related death rates? Why is tomato paste so cheap? What are the implications of the new alleged key recovery attack preprint on SIMON? Effects of ~10atm pressure on engine design Is taking modulus on both sides of an equation valid? Jumping frame contents with beamer and pgfplots Are there any established rules for splitting books into parts, chapters, sections etc? Anatomically Correct Carnivorous Tree Why do I get two different answers when solvi...
          Read more

          Esgonzo ibérico Índice Descrición Distribución Hábitat Ameazas Notas Véxase tamén "Acerca dos nomes dos anfibios e réptiles galegos""Chalcides bedriagai"Chalcides bedriagai en Carrascal, L. M. Salvador, A. (Eds). Enciclopedia virtual de los vertebrados españoles. Museo Nacional de Ciencias Naturales, Madrid. España.Fotos

          Image
          escíncidospenínsula Ibéricaesgonzo comúnJacques von Bedriagaesgonzo comúndimorfismo sexualovovivíparaendémicaPenínsula IbéricaCordilleira CantábricaAsturiasPaís VascoGaliciaRías BaixasMurosCarnotaillas CíesOnsAtlánticoIllas CíesIlla de Onsilla do PesegueiroIlla de Sancti PetriMediterráneoMar MenorIlla de TabarcaGaliciaCantabriaBurgossolosdestrución do hábitatIUCN Abrir o menú principal Procurar Esgonzo ibérico Ler noutra lingua Vixiar esta páxina Editar function mfTempOpenSection(id)var block=document.getElementById("mf-section-"+id);block.className+=" open-block";block.previousSibling.className+=" open-block"; Esgonzo ibérico Estado de conservación Case ameazada Clasificaci...
          Read more