I have configured my server with various anti-DOS modules (mod_qos, mod_evasive etc). What I want to do now is run a simple PHP scrip that calls URLs on my site multiple times, in order to reach the various limits on the site. Ideally a script that can somehow open various URLs concurrently would be ideal.
Is this possible? And if not, what is the easiest way to simulate multiple requests from one IP?
I would prefer a tool that works in Windows 7?
Update: Remember, i want to be able to see if my server is actually blocking some of the requests. I've only played with AB for a little bit, but so far it hasn't shown me that requests were blocked?
i thinks you should try this tools,
Apache ab
Siege by Joe Dog Software
Apache JMeter
Apache Bench is easy and straightforward
you should also try tsung
here is something on github in ruby
but if you still want to simulate ddos in php, then i think in php you need to make use of socket and in loop send request to your server, and disconnect without waiting for response from your server, this way you can simulate it. like "Connect - Dispatch Request- Disconnect" and repeat this as many times possible.
This was very useful under Windows: OpenLoad
I executed it using:
openload.exe http://www.mysite.com 250
And then I could easily see the result in my Apache Error Log:
tail -f /usr/local/apache/logs/error_log
I could see:
[Mon Apr 08 12:09:05 2013] [error] mod_qos(031): access denied, QS_SrvMaxConnPerIP rule: max=50, concurrent connections=59, c=XX.XXX.XX.XXX
[Mon Apr 08 12:09:05 2013] [error] mod_qos(031): access denied, QS_SrvMaxConnPerIP rule: max=50, concurrent connections=60, c=XX.XXX.XX.XXX
etc
The simplest simulation would be by using an async xmlhttp request iterator function over an array various pages of the given domain at which the onload event initiates another page url call and cycle indefinitely, or for a certain large amount of times. And to make it a little bit more overwhelming, you'd open multiple instances of that same plain JS + HTML App, (say 9, or even 12) in parallel and see if anything happens or what will happen with the server after they've been running for a considerable amount of time and probably reached more than 1 million requests in about an hour of time.