|
You need to clarify the type of attack. A SYN flood requires a very different mitigation response than does a application attack.
For SYN floods with spoofed IP addresses, there is little you can do at the server level. Most of the recommendation you find on the net will do little to help you out. Syn cookies, back queues, tcp tuning, firewalls etc. may help but it does not take much bandwidth to DOS apache using a syn flood.
For application level attacks, firewalls, mod dosevasive, mod security and others can help.
You really need to understand the type of attack before an effective solution can be launched. This may require taking a packet capture for analysis. Only with the proper identificaiton of the attack method can you being to find a suitable response.
|