These are my DoS settings: http://i.imgur.com/sVrtYuN.png
They are pretty lax, as there are some times when several clients are coming from the same public IP and are accessing 2 AJAX resources every 10 seconds long periods (120 requests per client/minute).
Is it possible to have different thresholds for specific domains or regex matching URLs? Or maybe disable this module completely for specific regex matching URLs?
Any suggestions? Or do I have to make it lax across the board?
Side question: what is the benefit/disadvantage of enabling/disabling mod_qos?
Thanks
DoS: site or URL specific thresholds
DoS: site or URL specific thresholds
CentOS 6.9
ASL 4.0.19-37
ASL 4.0.19-37
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: DoS: site or URL specific thresholds
mod_qos is what we're replacing evasive with. Its like the waf where we need to develop rules and policy configuration in ASL Web to really take full advantage of. Definitely run it now if you can, its got some great functionality now for wordpress sites.
For mod_evasive, it can be a little counter-intuitive so we have this page to help guide you a little better:
https://atomicorp.com/wiki/index.php/Mod_evasive
Key concepts: it is a count over an interval. Ie: Count/Seconds. Generally you'd either want to start by increasing counts, or lowering intervals. Both at the same time might be too much change all at once.
For mod_evasive, it can be a little counter-intuitive so we have this page to help guide you a little better:
https://atomicorp.com/wiki/index.php/Mod_evasive
Key concepts: it is a count over an interval. Ie: Count/Seconds. Generally you'd either want to start by increasing counts, or lowering intervals. Both at the same time might be too much change all at once.
Re: DoS: site or URL specific thresholds
From what I understand, _qos will allow exactly what I need, correct?scott wrote:mod_qos is what we're replacing evasive with. Its like the waf where we need to develop rules and policy configuration in ASL Web to really take full advantage of. Definitely run it now if you can, its got some great functionality now for wordpress sites.
For mod_evasive, it can be a little counter-intuitive so we have this page to help guide you a little better:
https://atomicorp.com/wiki/index.php/Mod_evasive
Key concepts: it is a count over an interval. Ie: Count/Seconds. Generally you'd either want to start by increasing counts, or lowering intervals. Both at the same time might be too much change all at once.
Will enabling _qos disabled _evasive or do they run concurrently?
CentOS 6.9
ASL 4.0.19-37
ASL 4.0.19-37