Is there csf setting to block ip that require certain amount of requests?

StackOverflow https://stackoverflow.com/questions/17951364

  •  04-06-2022
  •  | 
  •  

Domanda

Is there CSF setting that would help me block certain IP's if they hit homepage to many times. We are under attack and I see some IP's doing 300 - 4000 requests. Is there easier way to block those with CSF?

È stato utile?

Soluzione

You can set PORTFLOOD in the server. Try this and make changes in your csf.conf file

By dafualt

PORTFLOOD = ""

Change that to

PORTFLOOD = "80;tcp;20;5"

This means that if an IP is making 20 connections to port 80 in 5 seconds, Then csf will block that IP for at least 5 second after the last connection seen.

There will be a mandatory 5 second block before the block is lifted.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top