in reply to identifying DOS attacks on apache server

I' m afraid a simple one liner (or even a complicated one) will not solve your DOS problems.

It does no good to find out (long) afterwards from checking the logs that your server was under a DOS-attack. You want to find out soonest possible and stop it right there!

If you want to do that, you have to use mod_perl as this allows you access to all stages of the request-cycle. The main problem however is how to identify a DOS attack as soon as possible and unfortunately I cannot give you any guidance here.

CPAN does not seem to have a handy module either, although things like Apache-BruteWatch or Apache::AuthChecker could be an inspiration.

If you just want to work with the logs, have a look at Apache::ParseLog.

CountZero

A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

  • Comment on Re: identifying DOS attacks on apache server

In Section Seekers of Perl Wisdom