Runbook

DDoS Attack on Apache HTTP Server.

Back to Runbooks

Overview

This incident type refers to a distributed denial-of-service (DDoS) attack on an Apache HTTP server. In a DDoS attack, a large number of requests are sent to the server, overwhelming its capacity to respond to legitimate requests. This can cause the server to become inaccessible to users and disrupt normal operations. Apache HTTP Server is a popular open-source web server software used by millions of websites, making it a common target for cyber attacks.

Parameters

Debug

Check if Apache HTTP Server is running

Check Apache HTTP Server logs for any suspicious requests

Show connections per IP address to the web server

Show which network interfaces are receiving the most traffic

Show the top 10 IP addresses with the most connections to the server

Show the top 10 IPs with the most requests to the server

Check if there are any open connections to the server

Check if there are any SYN packets flooding the server

Repair

Implement rate limiting: Implement rate-limiting to limit the number of requests a single IP address can make to the server.

Learn more

Related Runbooks

Check out these related runbooks to help you debug and resolve similar issues.