Hello, I have been trying to solve a big problem for the last 2 weeks with one of our servers. The client using our system (web based w/ Apache and PHP) is a contact center firm. They have about 120 operators, all connecting to our webserver with the same IP. We have been suffering DoS attacks from some of these operators. These are simple browser attacks, namely 5 or 10 operators will just hold the F5 key and bombard the server with requests when they shouldn't. We did manage to produce a PHP protection which will recognize the multiple requests and blacklist the user, but it's "too late" because the requests have already been sent and processed by the webserver. We use the user ID in the system to control who should be blacklisted, so this is all dependent on our own authentication. Ideally, we need something EXACTLY like mod_evasive, but for rejecting single requests instead of blocking the IP. Exemplifying: if a user calls the same URL 5 times in a 3 second span, we will reject every next request for 30 seconds, but only the requests by that user. If the webserver can make any use of it, the user ID is stored in a cookie. Any help, suggestion or help to brainstorm this issue is greatly appreciated.
Maybe it's not solving the solution, but have you tried adding a cache server in front of Apache? Try installing Varnish or nginx as a reverse proxy to help reduce the load on Apache.
Actually I agree with @HalfDedi, you need to cache these requests, though. You are actually overdoing something that can be done simply.
Cache would resolve the problem. If it doesn't, I recommend developing a script that will kill the request if made more than you set. For example 3 or 4 or 5. Is that a dedicated server?
And on another note... how about talking to the client? Tell them to teach their people to not be idiots, and that the behaviour they show puts the server under strain, which again makes it work worse for the whole group? (I'm assuming now that these are employees, not random people sitting in front of a particular computer.) Also... if 5-10 users holding down F5 breaks your app, it's badly coded, or running on a shared service somewhere with way too little oomph to handle stuff.
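The rule stated in the question (same URL 5 times within 3 seconds, then reject that user's requests for 30 seconds, other users untouched), as an added example that is not code from any poster in this thread: a Python model of the decision logic, with the rejection path kept to a single dictionary lookup. It assumes the user id comes from a validated session rather than a raw cookie value; the class, function names, ids and URLs are constructed.

```python
import time
from collections import defaultdict, deque

class PerUserUrlLimiter:
    """Reject one user's requests for `penalty` seconds after they hit the same
    URL `max_hits` times within `window` seconds. Keyed by user id, not by IP."""

    def __init__(self, max_hits=5, window=3.0, penalty=30.0, clock=time.monotonic):
        self.max_hits, self.window, self.penalty = max_hits, window, penalty
        self.clock = clock
        self.hits = defaultdict(deque)  # (user_id, url) -> recent request times
        self.blocked_until = {}         # user_id -> time the penalty ends

    def allow(self, user_id, url):
        # Assumption: user_id was taken from a validated session. A raw cookie
        # value is client-controlled and would let a user dodge the limit.
        now = self.clock()
        until = self.blocked_until.get(user_id)
        if until is not None:
            if now < until:
                return False  # cheap rejection: no application work is done
            del self.blocked_until[user_id]
        q = self.hits[(user_id, url)]
        while q and now - q[0] > self.window:
            q.popleft()  # forget hits that fell out of the sliding window
        q.append(now)
        if len(q) >= self.max_hits:
            # The request that reaches the limit is still served; later ones are not.
            self.blocked_until[user_id] = now + self.penalty
            q.clear()
        return True

    def prune(self):
        """Drop idle entries so the tables do not grow without bound."""
        now = self.clock()
        for key in [k for k, q in self.hits.items() if not q or now - q[-1] > self.window]:
            del self.hits[key]
        for uid in [u for u, t in self.blocked_until.items() if now >= t]:
            del self.blocked_until[uid]

def replay(events):
    # events: constructed (timestamp, user_id, url) tuples in time order.
    now = {"t": 0.0}
    limiter = PerUserUrlLimiter(clock=lambda: now["t"])
    decisions = []
    for t, user_id, url in events:
        now["t"] = t
        decisions.append(limiter.allow(user_id, url))
    return decisions
```

The state here is in-process; with several web server workers it would have to live in a shared store so every worker sees the same counters.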