RFE: API for adding blocked IPs for a vhost/directory "from the side"

Discussion in 'Feedback/Feature Requests' started by ts77, Jun 13, 2006.

  1. ts77

    ts77 Well-Known Member

    Hello folks,

    I have my own DoS protection built into my PHP scripts.
    Those are checking how many accesses to the PHP pages are done by which IP and so on.
    Once a user hits a given threshold, his IP is added to a .htaccess file and removed after a specified ban time.

    That results in the following:
    which I don't see as a performance enhancement with all its reloading of the .htaccess ;-).

    Therefore I'd like to see a way to update the blocked IPs for a vhost or directory through some API from an app.
  2. mistwang

    mistwang LiteSpeed Staff

    I think .htaccess should serve this purpose well; it should not be a performance hit itself.
    Actually, I think it may not be a good idea to do DoS detection in an external application, as one instance may not know the big picture and it is hard to make it accurate. Our built-in DoS prevention feature is more efficient and accurate.
  3. ts77

    ts77 Well-Known Member

    Maybe your built-in DoS prevention is more efficient, but I need to check more variables in the app which can't be done on the server side, like which page was accessed how often, and I don't need to take static files into account either.
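
The scheme ts77 describes in posts 1 and 3 (per-page counting of PHP requests, a ban once a threshold is hit, removal after a ban time), sketched as an added example that is not ts77's code and not part of the thread. The threshold, window and ban time are assumed values, the function names are hypothetical, `$ip` is assumed to be the connection's `REMOTE_ADDR`, and `$state` is assumed to be persisted between requests by the caller.

```php
<?php
// Added example, not code from the thread. All limits below are assumed values.
const THRESHOLD = 20;   // hits allowed per page and IP inside one window
const WINDOW    = 10;   // window length in seconds
const BAN_TIME  = 600;  // seconds an IP stays blocked

// Record one request; returns true when this hit causes a new ban.
function record_hit(array &$state, string $ip, string $path, int $now): bool
{
    // Only a syntactically valid address may ever reach the .htaccess file.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false;
    }
    // Count PHP pages only; static files are not taken into account.
    if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'php') {
        return false;
    }
    if (isset($state['bans'][$ip]) && $state['bans'][$ip] > $now) {
        return false; // already banned, nothing new to write
    }
    // Sliding window: keep only timestamps newer than WINDOW seconds.
    $hits = array_filter($state['hits'][$ip][$path] ?? [], fn($t) => $t > $now - WINDOW);
    $hits[] = $now;
    $state['hits'][$ip][$path] = array_values($hits);
    if (count($hits) > THRESHOLD) {
        $state['bans'][$ip] = $now + BAN_TIME; // store the expiry time
        unset($state['hits'][$ip]);
        return true;
    }
    return false;
}

// Drop expired bans, then render the access-control block for the file.
function render_htaccess(array &$state, int $now): string
{
    $state['bans'] = array_filter($state['bans'] ?? [], fn($expiry) => $expiry > $now);
    $lines = ['Order Allow,Deny', 'Allow from all'];
    foreach (array_keys($state['bans']) as $ip) {
        $lines[] = "Deny from $ip";
    }
    return implode("\n", $lines) . "\n";
}

// Write to a temp file and rename it, so the server never reads a half-written list.
function write_htaccess(string $file, string $body): bool
{
    $tmp = $file . '.tmp.' . getmypid();
    return file_put_contents($tmp, $body, LOCK_EX) !== false && rename($tmp, $file);
}
```

Rewriting the file only when `record_hit()` returns true or a ban expires keeps the number of .htaccess changes, and so the reloads ts77 mentions, to the minimum.
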
  4. mistwang

    mistwang LiteSpeed Staff

    There is an option, "Dynamic Requests/second", for this kind of single point DoS attack, maybe it is not exactly what you have been doing in PHP, but should help.
  5. xing

    xing LiteSpeed Staff

    ts77, the best way is to drop packets via dynamic rules:


    With your customized security setup, the above would be the better way to stop traffic at a lower network layer. Otherwise, your blocked users are still wasting LiteSpeed's TCP connections.

