Portal Home > Knowledgebase > Articles Database > i need modesecurety Rule
i need modesecurety Rule
| Posted by mixmox, 05-09-2009, 04:29 AM |
| hello. we are under ddos.
i have install modesecurety on my cpanel.
can any one give me a good and powerfull config rule on modesecurety?
|
| Posted by prashant1979, 05-09-2009, 04:51 AM |
| You can download Mod Security Core Rules from http://www.modsecurity.org/download/...5-1.6.1.tar.gz. I also suggest installing CSF or APF Firewall in the server.
|
| Posted by mixmox, 05-09-2009, 07:43 AM |
| i have install mode securety by cpanel and
Mod Security > Edit config > Default Configuration
is this file include this config or its different?
|
| Posted by mikefrancis, 05-09-2009, 08:57 AM |
| Maybe you need something stronger then just mod security. Have you checked that?
|
| Posted by HivelocityDD, 05-09-2009, 10:01 AM |
| I think yes. It is the file which include the config.
|
| Posted by mixmox, 05-09-2009, 03:22 PM |
| hi mikef374 .
what you mean?
|
| Posted by Sam Robertson, 05-09-2009, 04:43 PM |
| mod_security is not going to stop a DDoS attack. You'll need to configure a firewall and notify your network provider to see if they can block it before it gets to your server (depending on the size).
Last edited by Sam Robertson; 05-09-2009 at 04:57 PM.
Reason: typo
|
| Posted by jayh, 05-10-2009, 02:39 AM |
| mod_evasive was made for this job.
"mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack..."
This and an advanced firewall like CSF / LFD should help you.
Edit:
What Sam said is quite right.
Last edited by jayh; 05-10-2009 at 02:43 AM.
Reason: Sam
|
| Posted by mixmox, 05-11-2009, 07:47 AM |
| tnx.
now my mode securety ban 10 ip.
how can i delete them from ban list?
|
| Posted by eth00, 05-11-2009, 09:05 AM |
| By default mod_sec only blocks the requests not the IP.
Did you load something like CSF to block it, or perhaps a custom ruleset for mod_sec?
|
| Posted by VIPoint, 05-11-2009, 10:10 AM |
| I will recommend to you to install mod_evasive in your server and configure it to stop the DOS attack.
Also, install a security firewall APF or CSF (I prefer CSF over APF). You can allow or deny access to the ips by adding the ips to firewall's allow/deny list.
|
| Posted by mixmox, 05-11-2009, 10:56 AM |
| tnx
you say that mod_securety only blocks the requests .
so what advantage mode_securety have, that we should install it on server ?
|
| Posted by eth00, 05-11-2009, 11:01 AM |
| Realistically mod_evasive does little against *most* attacks. We used to install it standard but even with pretty forgiving rules you have to bump the limits up pretty high to avoid most false positives. If you are under attack and can watch the logs you may be able to find a happy medium. Of course if they use many ips with slow requests it probably won't be able to help.
In terms of mod_security, it is a rule based security system. It does not target DDoS rather it targets exploits. If you are talking about specifically blocking a DDoS -- don't install it. All it will do is add overhead and slow you down.
APF/CSF are also nice but not exactly targeted towards blocking or really helping much at all for most attacks.
The key with a lot of what I said is *most attacks*, there are a lot of types out there!
|
Add to Favourites 
Print this Article
Also Read
