top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Making delay in apache

+2 votes
370 views

I have installed modsecurity on my apache server. When ever a bad request is logged by modsecurity, I process the logs of modsecurity logfile. I have set modsecurity in detection only mode and I want apache to not to response to bad request when I am processing the log of bad request.

Is anyone aware of some type of apache sleep or delay configuration that will easily allow me to configure this? For example, tell apache to wait 10 seconds before responding to any request.

posted Dec 29, 2013 by Amit Parthsarthi

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+2 votes

If you intend to develop some sort of a log manager program in order to process mod_security logs, it would be better to pipe Apache logs into a log manager daemon in order to process them simultaneously. Being the logs processed, you would be able to store the results into a database or do whatever the program is intended to.

answer Dec 29, 2013 by Sumit Pokharna
The problem of me is not how to process the modsecurity logs. My problem is how to make apache sleep or delay configuration? For example, tell apache to wait 10 seconds before responding to any request
I am not aware or even heard of such a configuration option, but if you require Apache not to process requests for a specified amount of time, you can use iptables in order to block traffic coming for port 80 for 10 seconds and release it after the job is done.
Similar Questions
+1 vote

I'm using apache 2.2 as front end and apache tomcat 6.0.37 as backend. I'm using mod_jk for connecting them.

The problem is. I'm using ssl certificates and configured ssl on apache. when I connect the site with https it works but when I click on an link it no more secure i.e. its not secure browsing anymore.

My requirement is as follows.

If user connects as https all the links should work as https. If the user connects as http all the links should work as http is such thing is possible?

0 votes

I started apache server which has worker as mpm in debug mode. I killed the process with kill -9 then it kills the process and stop debug. But when I am using kill -term PID then it is not killing process. Whereas kill -term PID is woking with prefork debug.Â
If I want to use kill -term PID in debug mode of worker then how to do that.

0 votes

I am a bit confused about the mod_rewrite documentation. It shows this rule to block hotlinking:

RewriteCond "%{HTTP_REFERER}" "!^$"
RewriteCond "%{HTTP_REFERER}" "!www.example.com" [NC]
RewriteRule ".(gif|jpg|png)$" "-" [F,NC]

however, I'd think a better rule would be:

RewriteCond "%{HTTP_REFERER}" "^$" [OR]
RewriteCond "%{HTTP_REFERER}" "!(www.)?example.com/.*$" [OR,NC]
RewriteRule ".(gif|jpg|png)$" "-" [F,NC]

if I want to block anyone manually typing in a link (no referer) + hotlinking (probably has a referer). Do i need the [OR] on the 1st
RewriteCond and not the 2nd one? It seems to work with OR on both conditions.

+1 vote

We have 2 servers.
Server1 has a apache.
Server2 has a tomcat.

Now we see there are many syn recv connection via "netstat -ant". These kinds of connection are running out the CPU.

We googled it and found it looks like of syn recv attack.

So I just want to know:
1. How to verify it DOES is a syn recv attack?
2. Is there any way to fight against these kind of connections? Can I do some configuration at Apache?
3. Because our server1 is deployed at a cloud center. I guess these cloud center should also be attack?

...