Rewrite rule against ddos ?

[wanah]

Hello,

I want to do something like this :

RewriteRule .* - [F]

But with nolog and not answering the call at all (treating it as a bad bot).

Can you please remind me how to get litespeed to stop answering the requst completly (not giving 403 error) and not logging the request.

I'm asking beacuse we moved a customer's site to a DDOS protected IP and the DDOS is still hitting litespeed. The 403 errors are using our bandwith and the error logging is using disk ressources.
Thanks

 

[NiteWave]

please refer
https://store.litespeedtech.com/store/knowledgebase.php?action=displayarticle&id=86

RewriteRule .* /empty.html [E=dontlog:1,E=nokeepalive:1,F]

create an empty.html (0 byte) so that minimize http body size;
donlog:1 so not log the request.

> to stop answering the requst completly

it may not be possible unless you block the IP in firewall.

 

[NiteWave]

just searched a bit more, you've a similar post before :
https://www.litespeedtech.com/support/forum/threads/black-hole-with-litespeed.7599/

 

[wanah]

Thanks that's what I was looking for and couldn't find.

I'll give blockbot:1 a try

 

[wanah]

Hello again,
It seems that I need to put this rule on a virtualhost level.

This is what I tried without success in the .htacces file :

RewriteCond %{REQUEST_URI} \/cgi\-sys\/defaultwebpage\.cgi
RewriteRule .* - [E=blockbot:1,E=dontlog:1]

If I create an include for the virtualhost would it be something like this ?

RewriteCond %{REQUEST_URI} \/cgi\-sys\/defaultwebpage\.cgi
RewriteRule /.* - [E=blockbot:1,E=dontlog:1]