Stop DDoS attack with Apache + Fail2ban


I write because I have a problem that I am not able to solve ... I have a server which receives denial of service attacks from different IPs at times.

The vast majority of these attacks I have stopped using Apache + Fail2ban, denying iptables access to any IP that makes more than 10 simultaneous requests per second. The problem I have is that Apache log determined by the LogFormat, comitea in the access log in a disorderly way sometimes. This is because different requests have different sizes. And it may be that a request made one second after another is saved in the log before the one that was first made. With which Fail2ban does not recognize the attempts as simultaneous when there is an attack and it obviously enters and affects the server.

I was trying to change the Apache LogFormat so that the requests are logged in the order in which they were made, regardless of the duration or weight of the request, without being able to do so. I consulted, someone has suffered something similar and found a solution for Apache loguee petitions orderly? ...

Thank you very much !!

asked by Pablo Galassi 25.02.2016 в 22:16

0 answers