Securing web servers from DoS attacks entirely is not possible. However, we can limit the impact of DoS and DDoS attacks on Apache.
A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered.
This can be achieved by thwarting access to virtually anything: servers, devices, services, networks, applications, and even specific transactions within applications.
In a DoS attack, it's one system that is sending the malicious data or requests; a DDoS attack comes from multiple systems.
Generally, these attacks work by drowning a system with requests for data. This could be sending a web server so many requests to serve a page that it crashes under the demand, or it could be a database being hit with a high volume of queries.
The result is that the available internet bandwidth, CPU and RAM capacity become overwhelmed.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Apache queries.
In this context, we shall look into methods to secure Web Servers from DoS attacks.
There are three primary classes of DDoS attacks:
1. Volume-based attacks use massive amounts of bogus traffic to overwhelm a resource such as a website or server. They include ICMP, UDP and spoofed-packet flood attacks. The size of a volume-based attack is measured in bits per second (bps).
2. Protocol or network-layer DDoS attacks send large numbers of packets to targeted network infrastructures and infrastructure management tools. These protocol attacks include SYN floods and Smurf DDoS, among others, and their size is measured in packets per second (PPS).
3. Application-layer attacks are conducted by flooding applications with maliciously crafted requests. The size of application-layer attacks is measured in requests per second (RPS).
For each type of attack, the goal is always the same: Make online resources sluggish or completely unresponsive.
A DoS attack is an attempt to make a machine or network resource unavailable to its end users.
In short, it is a temporary or indefinite interruption of the services of a host connected to the internet, achieved by attacking the network.
Now, let's take a look at the methods we employ to prevent such attacks.
1. Update the Apache Version
First things first, we must ensure that Apache is updated to its latest version.
This is necessary to prevent attacks that succeed only because the server is outdated and exposed to known exploits.
2. Optimize Apache
Then we need to optimize default Apache configurations.
i. Lower the Apache Timeout:
The "Timeout" directive value must be set lower than the default value "300", either on the whole server or on the websites subjected to the DoS attack.
Since Timeout applies to several different operations, setting it to a low value can introduce problems with long-running CGI scripts. So we should be careful when choosing the Timeout value.
ii. Lower the Apache KeepAliveTimeout:
This directive should also be set low on the sites that are subject to DoS attack, or on the whole server.
Some sites go further and turn keepalives off completely by setting KeepAlive to Off. This has its own performance drawbacks.
iii. Limit the Apache MaxClients:
If the server has little RAM and the attackers are consuming most of it, we can set MaxClients to a lower value than its predefined value of 256.
iv. Limit RequestReadTimeout:
This directive allows us to limit the time a client may take to send its request.
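The following script is an added example and is not code from the original article or from the Apache project. It audits an Apache configuration file for the four directives discussed in this section, reports which ones are still at loose values, and writes a tightened snippet. The thresholds it checks against (Timeout at most 60, KeepAliveTimeout at most 5, MaxRequestWorkers at most 150) and the file names are assumptions chosen for illustration; tune them to the site's real traffic. It also accepts MaxRequestWorkers, the name Apache 2.4 gave to the MaxClients directive.

```bash
# Added example (not from the original article): audit the DoS-related Apache
# directives in a configuration file and write a tightened snippet.
# Thresholds are assumed values for illustration.

apache_directive() {            # usage: apache_directive FILE NAME -> prints the value
  # Matches the directive at the start of a line (comment lines never match);
  # the last occurrence wins, as it does for repeated directives in one scope.
  grep -i "^[[:space:]]*$2[[:space:]]" "$1" | tail -n 1 | awk '{print $2}'
}

FAILS=0
_check_max() {                  # usage: _check_max NAME VALUE LIMIT
  case "$2" in
    "") echo "FAIL $1 is not set, so the compiled-in default applies"; FAILS=$((FAILS + 1)); return ;;
    *[!0-9]*) echo "WARN $1=$2 carries a unit suffix; check it by hand"; return ;;
  esac
  if [ "$2" -gt "$3" ]; then
    echo "FAIL $1=$2 (recommended at most $3)"
    FAILS=$((FAILS + 1))
  else
    echo "PASS $1=$2"
  fi
}

audit_apache_dos_settings() {   # usage: audit_apache_dos_settings FILE ; returns 0 when every check passes
  FAILS=0
  _check_max Timeout "$(apache_directive "$1" Timeout)" 60
  _check_max KeepAliveTimeout "$(apache_directive "$1" KeepAliveTimeout)" 5
  # Apache 2.4 renamed MaxClients to MaxRequestWorkers; accept either spelling.
  workers=$(apache_directive "$1" MaxRequestWorkers)
  [ -n "$workers" ] || workers=$(apache_directive "$1" MaxClients)
  _check_max MaxRequestWorkers "$workers" 150
  if [ -n "$(apache_directive "$1" RequestReadTimeout)" ]; then
    echo "PASS RequestReadTimeout is set"
  else
    echo "FAIL RequestReadTimeout is not set, so a client sending its request slowly keeps a worker busy"
    FAILS=$((FAILS + 1))
  fi
  [ "$FAILS" -eq 0 ]
}

write_apache_dos_snippet() {    # usage: write_apache_dos_snippet OUTFILE (assumed: conf-available/dos-limits.conf)
  cat > "$1" <<'EOF'
# Tightened values (assumed for illustration); run `apachectl configtest` after enabling.
Timeout 60
KeepAlive On
KeepAliveTimeout 5
MaxKeepAliveRequests 100
<IfModule mpm_prefork_module>
    MaxRequestWorkers 150
</IfModule>
<IfModule reqtimeout_module>
    # 20 s for the headers, extended by 1 s per 500 bytes received up to 40 s; 20 s for the body, extended the same way
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>
EOF
}

# Demo on a constructed file that mirrors the old stock values (Timeout 300, MaxClients 256).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
Timeout 300
KeepAlive On
KeepAliveTimeout 15
MaxClients 256
EOF
audit_apache_dos_settings "$demo_conf" || echo "-> the stock values need tightening"
rm -f "$demo_conf"
```

The audit reads bare directives only; it does not understand per-VirtualHost scopes, so run it against the server-wide file and each site file separately. RequestReadTimeout lives in mod_reqtimeout, which must be loaded for the snippet's second block to take effect.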
3. Install a Firewall
We can install a firewall to limit the number of connections from a single IP. If a connection count exceeds the predefined value, the firewall automatically blocks that IP, either permanently or temporarily for a period of time.
The most common firewalls on Linux servers are CSF & LFD. We can enable CT_LIMIT and set it to the desired number to limit DoS attacks.
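An added example, not code from the original article or from the CSF project, showing the CSF settings that implement the behaviour described above. CT_LIMIT ships as "0", which disables connection tracking; the limit, interval, block time and port list set below are assumed values for illustration, and the demo runs on a constructed fragment of csf.conf rather than the real file.

```bash
# Added example (not from the original article): enable CSF connection
# tracking in csf.conf and read the values back. Values are assumed.

csf_get() {                     # usage: csf_get FILE KEY -> prints the value between the quotes
  sed -n "s/^$2 = \"\(.*\)\"/\1/p" "$1" | tail -n 1
}

csf_set() {                     # usage: csf_set FILE KEY VALUE (rewrites an existing KEY = "..." line)
  tmp=$(mktemp)
  sed "s/^$2 = \".*\"/$2 = \"$3\"/" "$1" > "$tmp" && mv "$tmp" "$1"
}

harden_csf_connection_tracking() {   # usage: harden_csf_connection_tracking /etc/csf/csf.conf
  csf_set "$1" CT_LIMIT 100          # block an IP holding more than 100 connections ...
  csf_set "$1" CT_INTERVAL 30        # ... as counted on each 30-second scan
  csf_set "$1" CT_PERMANENT 0        # 0 = temporary block; 1 would make the block permanent
  csf_set "$1" CT_BLOCK_TIME 1800    # a temporary block lasts 30 minutes
  csf_set "$1" CT_PORTS "80,443"     # only count connections to the web server ports
  # After editing the real file, apply the change with: csf -r
}

# Constructed csf.conf fragment with the shipped defaults, used only for the demo.
demo_csf=$(mktemp)
cat > "$demo_csf" <<'EOF'
# Connection Tracking (constructed fragment for the demo)
CT_LIMIT = "0"
CT_INTERVAL = "30"
CT_EMAIL_ALERT = "1"
CT_PERMANENT = "0"
CT_BLOCK_TIME = "1800"
CT_PORTS = ""
EOF
echo "before: CT_LIMIT=$(csf_get "$demo_csf" CT_LIMIT)"
harden_csf_connection_tracking "$demo_csf"
grep '^CT_' "$demo_csf"
rm -f "$demo_csf"
```

Keep CT_PERMANENT at 0 at first: a temporary block that expires after CT_BLOCK_TIME limits the damage if a busy proxy or NAT gateway trips the limit, and LFD's alert e-mails (CT_EMAIL_ALERT) show which addresses are being caught before the limit is made stricter.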
4. Install Third-party modules
There are a number of third-party modules which can restrict DoS attacks.
i. mod_dosevasive:
A module for Apache that performs evasive action in the event of an HTTP DDoS attack or brute-force attack.
It is a web application firewall (WAF). It acts as a filter and analyzes HTTP requests before the webserver handles them.
In addition, it provides protection from a range of attacks and allows for HTTP traffic monitoring and real-time analysis.
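As an added example, not code from the original article or from the module's own project, the script below writes a configuration for mod_dosevasive (distributed today as mod_evasive) and models how its per-page and per-site counters decide to block a client. The threshold values, log directory and the constructed request records are assumptions for illustration; the counting logic is a simplified model of the module's behaviour (one counter per client-and-URI key, reset when the gap since the previous hit reaches the interval, block once the counter has reached the limit), not the module's code.

```bash
# Added example (not from the original article): write a mod_evasive
# configuration and model its blocking decision over constructed records.
# Thresholds are assumed values; the module itself is not needed to run this.

DOS_PAGE_COUNT=5        # block after this many hits on the same URI ...
DOS_PAGE_INTERVAL=1     # ... each within this many seconds of the previous hit
DOS_SITE_COUNT=50       # block after this many hits anywhere on the site ...
DOS_SITE_INTERVAL=1     # ... each within this many seconds of the previous hit
DOS_BLOCKING_PERIOD=60  # seconds during which a blocked client receives 403

write_mod_evasive_conf() {      # usage: write_mod_evasive_conf OUTFILE
  cat > "$1" <<EOF
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        $DOS_PAGE_COUNT
    DOSPageInterval     $DOS_PAGE_INTERVAL
    DOSSiteCount        $DOS_SITE_COUNT
    DOSSiteInterval     $DOS_SITE_INTERVAL
    DOSBlockingPeriod   $DOS_BLOCKING_PERIOD
    DOSLogDir           /var/log/mod_evasive
    DOSWhitelist        127.0.0.1
</IfModule>
EOF
}

# Reads "epoch_seconds client_ip uri" records on stdin and prints each IP the
# thresholds above would block. Simplified model of the module's counting:
# one counter per key, reset when the gap since the previous hit reaches the
# interval; the client is blocked when the counter has already hit the limit.
evasive_offenders() {
  awk -v pc="$DOS_PAGE_COUNT" -v pi="$DOS_PAGE_INTERVAL" \
      -v sc="$DOS_SITE_COUNT" -v si="$DOS_SITE_INTERVAL" '
  function over(key, t, limit, interval) {
    if (key in cnt) {
      if (t - last[key] < interval && cnt[key] >= limit) { last[key] = t; return 1 }
      if (t - last[key] >= interval) cnt[key] = 0
    }
    last[key] = t; cnt[key]++
    return 0
  }
  {
    t = $1; ip = $2; uri = $3
    if (ip in blocked) next
    if (over(ip SUBSEP uri, t, pc, pi) || over(ip, t, sc, si)) { blocked[ip] = t; print ip }
  }'
}

# Constructed records: 10.0.0.5 requests /login.php eight times within one
# second; 10.0.0.9 fetches /index.html once every two seconds.
demo_requests() {
  cat <<'EOF'
100.0 10.0.0.5 /login.php
100.1 10.0.0.5 /login.php
100.2 10.0.0.5 /login.php
100.3 10.0.0.5 /login.php
100.4 10.0.0.5 /login.php
100.5 10.0.0.5 /login.php
100.6 10.0.0.5 /login.php
100.7 10.0.0.5 /login.php
100.0 10.0.0.9 /index.html
102.0 10.0.0.9 /index.html
104.0 10.0.0.9 /index.html
EOF
}

demo_requests | evasive_offenders        # prints 10.0.0.5 only
```

Two caveats when reading the model against a real deployment. With the prefork MPM the module keeps a separate hash table in each child process, so a client's hits are split across children and the effective threshold is higher than DOSPageCount suggests. And the module only sees requests that reach Apache: it does nothing against the volume-based floods described earlier, which exhaust bandwidth before any request is parsed.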
This article covers Tactics To Prevent DDoS Attacks & Keep Your Website Safe.
Basically, it is impossible to prevent DoS and DDoS attacks entirely. But we can limit them to a certain extent by implementing the security measures mentioned in this guide.
Denial of service attacks are here to stay, and no business can afford to be unprotected.
Facts about DDoS Attacks:
1. DDoS stands for Distributed Denial of Service.
2. It is a form of cyber attack that targets critical systems to disrupt network service or connectivity, causing a denial of service for users of the targeted resource.
3. A DDoS attack employs the processing power of multiple malware-infected computers to target a single system.
Best Practices for Preventing DDoS attacks:
1. Develop a Denial of Service Response Plan
Develop a DDoS prevention plan based on a thorough security assessment. Unlike smaller companies, larger businesses may have complex infrastructure and need to involve multiple teams in DDoS planning.
2. Secure Your Network Infrastructure
Mitigating network security threats can only be achieved with multi-level protection strategies in place.
This includes advanced intrusion prevention and threat management systems, which combine firewalls, VPN, anti-spam, content filtering, load balancing, and other layers of DDoS defense techniques.
3. Practice Basic Network Security
The most basic countermeasure to preventing DDoS attacks is to allow as little user error as possible.
Engaging in strong security practices can keep business networks from being compromised.
4. Maintain Strong Network Architecture
Focusing on a secure network architecture is vital to security. Businesses should create redundant network resources; if one server is attacked, the others can handle the extra network traffic.
5. Leverage the Cloud
Outsourcing DDoS prevention to cloud-based service providers offers several advantages. First, the cloud has far more bandwidth and resources than a private network likely does. With the increasing magnitude of DDoS attacks, relying solely on on-premises hardware is likely to fail.