Wednesday, March 25, 2009
Of easy and painless systems monitoring
What are your options? How much does it cost? What can you monitor? These are all questions I'll try to shed a light on. The solution I'm proposing today is one I used myself for years. I'm not legally obliged to 5-9 availability, yet this is what I achieved with a total cost of 0. Yep, z.e.r.o. zero. El zilcho.
I'm not saying this will work for anybody, neither am I pretending to be an expert on the issue at hand, but I learned a lot in a few years on the subject so here it is.
Monday, March 16, 2009
Evading (D)DOS attacks with Apache HTTPD
Its pretty easy to setup. Compile the module as you would normally do for HTTPD modules and create a configuration file. There are many options available. Here's an example of how to configure it.
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
DOSEmailNotify "my-monitoring-contact@domain.com"
DOSWhitelist 192.168.*.*
</IfModule>
More details on the configuration and how each parameter will affect the module behavior can be found out there on the net.
Beware though, before installing this, make sure you won't blacklist some legitimate users. For example, if you have a AJAX application that sends a burst of requests once in a while, it might get blacklisted. Make sure you test it in a development environment so you get the thresholds right.