DOS and SynFlood attack prevention is best and easiest done at the router level by your webhost.

sorry, I should have been more specific. I mean overloaded by genuine requests, i.e. say if google or slashdot, or cnn just randomly decided to link to you off their front page. ( extreme example ). And I'm talking about Apache running on Linux

The aim being the webserver doesn't get so busy that I can't log in using ssh and kill apache before it brings the whole system down

I think bretts aproach would fix what your refering too. The only other solution you could come with would be your idea of a cron job, if your are extreamly concerned this is going to happen have the cron job check the load every few min this though can also increase the load on the computer but shouldnt be enough to bring it down. Have it restart apache to reset the load and you should come out ok and be able to log in and watch it. The likely hood of this happening is probably slim unless you are running a massive site, if this is the case your gonna be better off having mirrored servers and a router splitting the traffic to those. Or less I dont understand either.

Just tell apache not to start to many concurrent processes:

From the Apache documention:

The MaxClients directive sets the limit on the number of simultaneous requests that can be supported; not more than this number of child server processes will be created.

René.

I think your idea of a cron job is a good one, if you want different conf. of apache running based on server load.

I.ex:

#! /usr/bin/perl
$alertvalue = 400;
#let's find a 'load' value of the 'waiting' HTTP:80 requests.
$numwait = `netstat -an ¦ grep -c ':80.*TIME_WAIT'`;
if($numwait > $alertvalue) {
# do something with your httpd.conf
# [ i.ex. change MaxClients & ThreadsPerChild values, if you're on a Apache 2]
# gracefully restart the server
system "kill -USR1 `cat /var/run/httpd.pid`";
}
exit 0;

And, as Brett pointed out, if you're often under SYN-ddos attack, an:

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

may help.

P.S. [this board changes some ASCII chars..
so be careful in typing 'your' pipe (-> '¦' here) char.]

cminblues

>> Just tell apache not to start to many concurrent processes:
>> From the Apache documention:
>> The MaxClients directive sets the limit on the number of
>> simultaneous requests that can be supported; not more than
>> this number of child server processes will be created.
>>
>> René.

Thanks, this is what I was looking for. It seems to work well.
I had never needed to use it though becasue i didn't have such a popular site.

re the perl script, nice :) i'll give ti a go