Is there csf setting to block ip that require certain amount of requests?

Question

Is there CSF setting that would help me block certain IP's if they hit homepage to many times. We are under attack and I see some IP's doing 300 - 4000 requests. Is there easier way to block those with CSF?

Answer 1

You can set PORTFLOOD in the server. Try this and make changes in your csf.conf file

By dafualt

PORTFLOOD = ""

Change that to

PORTFLOOD = "80;tcp;20;5"

This means that if an IP is making 20 connections to port 80 in 5 seconds, Then csf will block that IP for at least 5 second after the last connection seen.

There will be a mandatory 5 second block before the block is lifted.