If I have Apache keepalive off, does this open a new httpd process for every request on the server? Pages on my site make about 29 GETs for the page content. So does this mean 30 httpd processes open and close very quickly (on different sockets) to serve this content?
My reason for asking: I have been trying to set up iptables rules but am struggling. My site has been under some sort of DDoS attack on many occasions.
I would like to block more than 60 connection requests in 10 seconds (this allows for up to 2 pages to be loaded concurrently).
I have added mod_evasive and tried fail2ban, even DDoS Deflate (http://deflate.medialayer.com/). Sure, they ban IPs eventually, but it has already got to application level before these scan the logs and finally (sometimes) block the IP.
I would rather stop this at network level before it even gets to Apache, as it is really slowing my site down.
So I'm wondering, with keepalive ON, would this mean the 30 requests for page content would go through the same socket, meaning iptables couldn't detect how much is being requested?
Or am I talking rubbish...
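
As an added example that is not part of the original post: one way to express the limit asked for above (60 new connections per source IP in 10 seconds) at the netfilter level with the hashlimit match. hashlimit is a token bucket, so this enforces a burst of 60 refilled at 60 per 10 seconds rather than an exact sliding window; the chain name HTTP_NEW, the table name http_new and port 80 are assumptions.

```shell
#!/bin/sh
# Added example, not from the post. Chain name HTTP_NEW and hash table name
# http_new are assumptions; 60 / 10 are the figures the post asks about.

# Print an iptables-restore fragment that drops NEW TCP connections (SYN
# packets) from any single source IP arriving faster than LIMIT per WINDOW
# seconds. Only connection attempts are counted: HTTP requests that reuse an
# established keep-alive connection never reach this rule.
http_syn_limit_rules() {
    limit=$1 window=$2 port=$3
    for n in "$limit" "$window" "$port"; do
        case $n in
            ''|*[!0-9]*|0*) echo "not a positive integer: '$n'" >&2; return 1 ;;
        esac
    done
    # hashlimit takes whole-number rates, so express the limit per minute.
    per_min=$(( limit * 60 / window ))
    [ "$per_min" -ge 1 ] || { echo "rate below 1/minute" >&2; return 1; }

    # Bucket size = LIMIT; idle entries expire after WINDOW (milliseconds).
    cat <<EOF
*filter
:HTTP_NEW - [0:0]
-A HTTP_NEW -m hashlimit --hashlimit-name http_new --hashlimit-mode srcip --hashlimit-above ${per_min}/minute --hashlimit-burst ${limit} --hashlimit-htable-expire $(( window * 1000 )) -j DROP
-I INPUT 1 -p tcp --dport ${port} --syn -j HTTP_NEW
COMMIT
EOF
}

# Preview:  sh syn-limit.sh | iptables-restore --noflush --test
# Install:  sh syn-limit.sh | iptables-restore --noflush
http_syn_limit_rules "${1:-60}" "${2:-10}" "${3:-80}"
```

Installing the fragment twice adds a second jump from INPUT, so remove the old jump before re-applying with different numbers.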