Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:config:mitigating-ddos-attacks [2019/01/10 15:45] Jackson Zhang |
litespeed_wiki:config:mitigating-ddos-attacks [2019/01/10 15:53] Jackson Zhang [Trusted IPs] |
||
|---|---|---|---|
| Line 53: | Line 53: | ||
| ===== Virtual Host-Level Bandwidth Throttling ===== | ===== Virtual Host-Level Bandwidth Throttling ===== | ||
| - | LiteSpeed Web Server version 5.0 introduces virtual host-level bandwidth throttling. This can be thought of as an extension of LSWS's **Per Client Throttling settings** explained as above, which allow you to control the amount of stress a single IP can put on your server. Virtual host-level bandwidth throttling allows you to customize bandwidth throttling, in Apache configs, for particular virtual hosts. Please check [[litespeed_wiki:config:vhost-level_bw_throttling|here]] for details. | + | LiteSpeed Web Server version 5.0 introduces virtual host-level bandwidth throttling. This can be thought of as an extension of LSWS's **Per Client Throttling settings** explained as above, which allow you to control the amount of stress a single IP can put on your server. Virtual host-level bandwidth throttling allows you to customize bandwidth throttling, in Apache configs, for particular virtual hosts through ''MaxConnPerClient <limit_for_connections>'',''LargeFileLimit [Type] [Minimum Size in kilobytes] [Speed in bytes/s]'', ''BandWidth [Origin] [Speed in bytes/s]'' and ''MinBandWidth all -1''. |
| + | . Please check [[litespeed_wiki:config:vhost-level_bw_throttling|here]] for details. | ||
| ===== Use Max Request/Response Settings ===== | ===== Use Max Request/Response Settings ===== | ||
| Line 168: | Line 169: | ||
| === Set Trusted IP on Virtual Host Level === | === Set Trusted IP on Virtual Host Level === | ||
| - | Since LSWS 5.4RC1, LSWS added virtual host trusted IP support, where you use "Trusted 1.2.3.4, 5.6.7.8" in Virtual Host document root .htaccess to unblock blocked IP and make that IP trusted for that vhost. | + | Since LSWS 5.4RC1, LSWS added virtual host trusted IP support, where you use ''Trusted 1.2.3.4, 5.6.7.8'' in Virtual Host document root .htaccess to unblock blocked IP and make that IP trusted for that vhost. |
| ==== Drop or Deny ==== | ==== Drop or Deny ==== | ||
| What if ModSecurity does a drop (TCP FIN) rather than deny for a trusted IP? The trusted list only has an effect on the "drop" action, but not on the "deny" action. A trusted IP won't be added to blacklist, but trust status has no effect on other actions. | What if ModSecurity does a drop (TCP FIN) rather than deny for a trusted IP? The trusted list only has an effect on the "drop" action, but not on the "deny" action. A trusted IP won't be added to blacklist, but trust status has no effect on other actions. | ||