Limit X petitions per Y unit of time

Discussion in 'Feedback/Feature Requests' started by midulc, Feb 3, 2013.

  1. midulc

    midulc New Member

  2. NiteWave

    NiteWave Administrator

  3. midulc

    midulc New Member

    not effective

    In fact is not efective. Today attacks are done with a js code that makes a request per second like a real user, this is ran by thousands of computers. So only ways are cookie checking (urgent and great - see my other post) and this method i told you.

    If you dont want to improve litespeed just say it but this is really necessary and im thinking about going back to apache and nginx if not added as i need to stop those attacks this way.
  4. NiteWave

    NiteWave Administrator

    this looks a good post regarding test cookie:
    http://umumble.com/blogs/Infosecurity/538/

    litespeed's built-in anti-ddos has been approved to be effective to mitigate DDOS in many scenarios, but of course, it's not effective in all cases.

    in fact, litespeed already has javascript based anti-ddos module, but how to use it is not decided yet.

    the nginx test cookie module surely will give us a nice reference. Thanks.
  5. midulc

    midulc New Member

    When

    When will you add this feature? As I do need it urgently.
  6. webizen

    webizen New Member

    Please try the latest 4.2.2 which should support the the rules.
  7. midulc

    midulc New Member

    Which rules?

    Which rules are you talking about?
    Can you tell me the exact rules to put?
    Im not just talking about this, but also about the cookies module.
  8. webizen

    webizen New Member

    It is the rules in that blog in the beginning of the thread which you asked about initially.

    no ETA for js-based antiddos functions at this point as NiteWave mentioned.
  9. midulc

    midulc New Member

    Ok

    Can you tell me exactly how to put mod_Security rules? I can't get them working.
    I installed cpanel and then the module of litespeed for cpanel, what to putthe rules?
    Tried and cannot get them working.
    Thanks.
  10. midulc

    midulc New Member

    Oh, and..

    And also, which ip will this restrinct? The Client ip of the header or the remoteaddr?
  11. webizen

    webizen New Member

    The rules should work with latest 4.2.2. Client IP will be restricted.

Share This Page