Best L7 DDoS Configurations?

NiteWave

Administrator
#2
#Fail2Ban is configured to ban IPs (and send to Cloudflare to block)
It makes sense to send IPs to Cloudflare to block, but why use fail2ban?
All the HTTP connections are from Cloudflare; with fail2ban (or iptables) you can only drop Cloudflare IPs.

Since the Cloudflare server is in front of lsws, and the actual connections are between CF and lsws, I'm not sure how the connection soft/hard limit works in this case.

You can try further reducing "Dynamic Requests/second". Dynamic requests usually consume much more resources (CPU, RAM, etc.) than static requests.
 
#3
The Cloudflare extension is installed and with that we can see the original IP address in access logs, not Cloudflare's IPs. So when fail2ban reads the access logs it's able to ban original IPs and send to Cloudflare.

And in litespeed we did this to see original IP:
1 - Go to your LiteSpeed Web Admin Console,
2 - Enable the option Use Client IP in Header in Configuration.

You think the best bet is to reduce "Dynamic Requests/second" to maybe 3? The website itself is a heavy vBulletin forum + WordPress blog.

Is there anything else I should do?
 
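The two posts above make one point worth seeing on real log lines: behind Cloudflare, the TCP peer in the access log is a Cloudflare edge, so anything that counts and bans on that field (fail2ban, iptables) punishes the edge rather than the attacker, while the address LiteSpeed logs once "Use Client IP in Header" is enabled (the CF-Connecting-IP value) isolates the abusive client, which can then only be blocked by pushing it to Cloudflare. The script below is an added example written for this page, not code from the thread, from LiteSpeed or from fail2ban. The log lines, IP addresses and the custom log format (peer first, CF-Connecting-IP as the last quoted field) are constructed; the zone ID is a placeholder; the Cloudflare range list is a deliberately partial snapshot; the per-second threshold stands in for the "Dynamic Requests/second" setting discussed above. The Cloudflare request is built but not sent.

```python
"""Added example (not from the thread, LiteSpeed or fail2ban): count dynamic
requests per second on the TCP peer vs. on the CF-Connecting-IP value, flag
which candidate bans would hit a Cloudflare edge, and build the Cloudflare
IP Access Rule request a fail2ban action would send for the real client.
All log lines and addresses below are constructed."""
import ipaddress
import re
from collections import defaultdict

# Constructed log lines in a custom format: first field = TCP peer (a Cloudflare
# edge), last quoted field = CF-Connecting-IP header (the real client).
SAMPLE_LOG = """\
172.68.10.5 - - [01/Jan/2024:10:00:01 +0000] "GET /forum/showthread.php?t=1 HTTP/1.1" 200 5120 "203.0.113.7"
172.68.10.5 - - [01/Jan/2024:10:00:01 +0000] "GET /forum/showthread.php?t=2 HTTP/1.1" 200 5120 "203.0.113.7"
172.68.10.6 - - [01/Jan/2024:10:00:01 +0000] "GET /forum/showthread.php?t=3 HTTP/1.1" 200 5120 "203.0.113.7"
172.68.10.6 - - [01/Jan/2024:10:00:01 +0000] "GET /forum/showthread.php?t=4 HTTP/1.1" 200 5120 "203.0.113.7"
172.68.10.7 - - [01/Jan/2024:10:00:01 +0000] "GET /blog/wp-login.php HTTP/1.1" 200 2048 "203.0.113.7"
172.68.10.5 - - [01/Jan/2024:10:00:01 +0000] "GET /blog/index.php HTTP/1.1" 200 4096 "198.51.100.20"
172.68.10.6 - - [01/Jan/2024:10:00:01 +0000] "GET /images/logo.png HTTP/1.1" 200 1024 "198.51.100.20"
172.68.10.7 - - [01/Jan/2024:10:00:02 +0000] "GET /forum/index.php HTTP/1.1" 200 4096 "198.51.100.21"
"""

LOG_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<client>[^"]*)"$'
)


def parse_log(text):
    """Parse the constructed format; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def is_dynamic(path):
    # vBulletin and WordPress are PHP: treat .php as dynamic, the rest as static.
    return path.split("?", 1)[0].endswith(".php")


def dynamic_offenders(entries, key, limit):
    """{ip: peak dynamic requests within one second} for ips whose peak exceeds
    `limit`, counted on `key` ('peer' = TCP address, 'client' = CF-Connecting-IP)."""
    per_second = defaultdict(int)
    for e in entries:
        if is_dynamic(e["path"]):
            per_second[(e[key], e["ts"])] += 1  # ts string is second-granular
    peak = defaultdict(int)
    for (ip, _ts), n in per_second.items():
        peak[ip] = max(peak[ip], n)
    return {ip: n for ip, n in peak.items() if n > limit}


# Partial snapshot of Cloudflare's published ranges (https://www.cloudflare.com/ips/).
# Refresh from that source before relying on it; this is only enough for the demo.
CLOUDFLARE_RANGES = [ipaddress.ip_network("172.64.0.0/13")]


def is_cloudflare_edge(ip):
    """True if a firewall ban on `ip` would hit a Cloudflare edge instead of a client."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_RANGES)


CF_API = "https://api.cloudflare.com/client/v4"
ZONE_ID = "YOUR_ZONE_ID"  # placeholder, not a real zone identifier


def cloudflare_block_request(ip, note="fail2ban: dynamic request flood"):
    """Build (do not send) the zone-level IP Access Rule request that a fail2ban
    action would issue. Auth header (API token) omitted on purpose."""
    return {
        "method": "POST",
        "url": f"{CF_API}/zones/{ZONE_ID}/firewall/access_rules/rules",
        "json": {
            "mode": "block",
            "configuration": {"target": "ip", "value": ip},
            "notes": note,
        },
    }


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    limit = 2  # stand-in for a low "Dynamic Requests/second" setting
    for key in ("peer", "client"):
        for ip, n in dynamic_offenders(entries, key, limit).items():
            where = "Cloudflare edge: a local ban drops all traffic via it" \
                if is_cloudflare_edge(ip) else "real client"
            print(f"counting on {key}: {ip} peaked at {n}/s ({where})")
    for ip in dynamic_offenders(entries, "client", limit):
        print(cloudflare_block_request(ip))
```

Counting on the peer field flags 172.68.10.5, a Cloudflare edge shared by several innocent clients; counting on the header field flags 203.0.113.7 alone. The request builder uses the zone-level access-rules endpoint; fail2ban's bundled Cloudflare action uses the user-level variant of the same resource, so either is a reasonable target for the ban.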

NiteWave

Administrator
#4
3, 2 or 1: you can try all of them, then you'll know what's best for your website.
So when fail2ban reads the access logs it's able to ban original IPs and send to Cloudflare.
fail2ban should have no way to ban original IPs? However, it can send those IPs to Cloudflare to ban them.
 
#5
Well, yes, it sends the IPs to Cloudflare to block if that's what you're asking...

I'm really wanting to know if there is more I can do to combat DDoS attacks with LiteSpeed.
 