There are many articles explaining many ways to attack webservers (generic or specific) and even listing general rules for mitigating such attacks, e.g.:
- Do not accept connections with abnormally small advertised window sizes
- Drop connections that send request longer than X seconds
- Send RST or FIN after 30 seconds when client can't accept the data due to a full receive window
- Limit number of connections from same IP
- Drop more than X repetitive headers (such as
Range) - etc etc…
Are there ready to use, tested on prod configuration examples specific to webserver (we use Apache and Nginx) or system wide (Linux) that cover most common attacks?
Best Answer
This link is a good one. As always, read it very carefully and do your homework - not all of this may suit your environment. http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html