For those interested in a plug-an-play configuration, I have put one on the haproxy site : here : http://haproxy.1wt.eu/download/1.3/examples/antidos.cfg

It should be pretty straight forward and should cover most use cases. It protects against Slowloris and Nkiller2.

Willy

You can (and should) increase the global maxconn in order to accept more connections if needed. Count about 16 to 32 kB of RAM per connection. You missed one important thing though : “timeout http-request”. It will automatically kill requests which take too long to complete. Also you were right to set the server’s maxconn, as eventhough haproxy may accept tens of thousands of connections, you don’t want your poor apache to get all of them should they complete in time. I think you should update your post with valid parameters, as I’m hearing requests from people who’d like to strengthen their apache setup. And many of them will probably use your config example anyway ;-) Also please remove the “nbproc” line, as I still see changed it too often in configs where people are experiencing trouble.

Willy