1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Apache Server Timing Out / Long Waits

Discussion in 'Apache' started by ReadyFireAim, Aug 27, 2017.

  1. #1
    Hello everyone! I'm new and hoping I'm in the right place. I've run my website on my Apache server for quite some time now and recently ran into an issue that has me stumped.
    --


    Some background:
    My server has been DDOS attacked in the past requiring me to move my server behind a proxy/WAF. For some time I was behind Sucuri as it provided the best affordable defense at the time. The attacks tapered off and I moved to Cloudflare free to protect my IP address while lightening up on my monthly server costs. The switch was smooth and everything has been working fine for several months.
    SEMrush
    Recent events:
    I was recently hit again with what seemed to be a layer 7 attack. I could see several IP addresses making 10-20 requests every couple of seconds in my domain's access.log. Running netstat returned thousands of TIME_WAIT and SYN_RECV all with Cloudflare IP addresses. This lead me to believe the attack was against my domain, being proxied by Cloudflare, and reaching my server regardless of my security settings. I confirmed this by viewing the statistics provided by Cloudflare and seeing millions of requests being made in a short time period. Unfortunately this is making it even more difficult to pinpoint the attack.

    What I've done:
    I've enabled syn cookies, added mod_cloudflare to Apache, activated Cloudflare's WAF / rate limiting rules, blocked offending IP addresses, and used mod_evasive to automatically blacklist future offenders. This has reduced (and almost stopped) the amount of malicious requests seen in the Apache access log but has not resolved the timeouts.

    According to Cloudflare analytics, I've only received 16,000 requests in the previous 6 hours (as opposed to the tens of millions when I was being actively attacked) but I get timeouts on every other request (even directly connecting, without Cloudflare).

    --

    Sorry for the wall of text. I've been at this for a few days now and it's starting to bother my members. If my thread is in the wrong section - please forgive me and feel free to move. I highly appreciate the time taken to assist! Thanks!
     
    Last edited: Aug 27, 2017
    ReadyFireAim, Aug 27, 2017 IP
    SEMrush