Hi All,
Last day i have faced an attack on Apache/2.2.14 (Ubuntu).A user shoots 53 hits within 20 seconds from same IP and as a result db connections to MySQL increased.
a.) Is there any way in Apache to block these type of requests
b.) how can we trace when this type of attack happened to Apache.
Also I have noticed an entry in Apache error log during attack period
Error Log
[Wed Jul 20 20:28:49 2011] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 753 for worker
http://localhost:8294/
[Wed Jul 20 20:28:49 2011] [debug] proxy_util.c(1825): proxy: worker
http://localhost:8294/ already initialized
[Wed Jul 20 20:28:49 2011] [debug] proxy_util.c(1902): proxy: initialized worker 0 in child 753 for (localhost) min=0 max=25 smax=25
ACCESS LOG
PUBLIC IP. LOCALIP - - [20/Jul/2011:20:28:32 -0400] "POST /test/submitForm HTTP/1.1" 200 5133 10274744 "https://www.mydomain.com/test/submitForm" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; AskTbFWV5/5.12.2.16749)
It would be great if someone can advise how to trace these type of attacks
Thanks
Ajayan