DoS: site or URL specific thresholds

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
gaia
Forum Regular
Forum Regular
Posts: 213
Joined: Tue Jun 09, 2009 12:57 pm

DoS: site or URL specific thresholds

Unread post by gaia »

These are my DoS settings: http://i.imgur.com/sVrtYuN.png

They are pretty lax, as there are some times when several clients are coming from the same public IP and are accessing 2 AJAX resources every 10 seconds long periods (120 requests per client/minute).

Is it possible to have different thresholds for specific domains or regex matching URLs? Or maybe disable this module completely for specific regex matching URLs?

Any suggestions? Or do I have to make it lax across the board?

Side question: what is the benefit/disadvantage of enabling/disabling mod_qos?

Thanks
CentOS 6.9
ASL 4.0.19-37
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: DoS: site or URL specific thresholds

Unread post by scott »

mod_qos is what we're replacing evasive with. Its like the waf where we need to develop rules and policy configuration in ASL Web to really take full advantage of. Definitely run it now if you can, its got some great functionality now for wordpress sites.

For mod_evasive, it can be a little counter-intuitive so we have this page to help guide you a little better:

https://atomicorp.com/wiki/index.php/Mod_evasive

Key concepts: it is a count over an interval. Ie: Count/Seconds. Generally you'd either want to start by increasing counts, or lowering intervals. Both at the same time might be too much change all at once.
gaia
Forum Regular
Forum Regular
Posts: 213
Joined: Tue Jun 09, 2009 12:57 pm

Re: DoS: site or URL specific thresholds

Unread post by gaia »

scott wrote:mod_qos is what we're replacing evasive with. Its like the waf where we need to develop rules and policy configuration in ASL Web to really take full advantage of. Definitely run it now if you can, its got some great functionality now for wordpress sites.

For mod_evasive, it can be a little counter-intuitive so we have this page to help guide you a little better:

https://atomicorp.com/wiki/index.php/Mod_evasive

Key concepts: it is a count over an interval. Ie: Count/Seconds. Generally you'd either want to start by increasing counts, or lowering intervals. Both at the same time might be too much change all at once.
From what I understand, _qos will allow exactly what I need, correct?

Will enabling _qos disabled _evasive or do they run concurrently?
CentOS 6.9
ASL 4.0.19-37
Post Reply