Reputation: 1914
auto complete and mod_evasive
One friend told me that my site is vulnerable to DDos or Slowloris attacks. I ask him what i can do about it. And he suggested mod_evasive, now here is my questions.
1 ) Is this enough to protect me?
2 ) I install the and set the mod_evasive and everything is working but now I have some problems with the ajax requests. I have a autocomplete friend mention like in twitter @username and i made it when the textarea is on keyup and when there is more then 3 symbols after @ to make an ajax requests and show some friends names. The problem is that when there are more than 4 symbols after @ it makes too many requests and the user is blocked for some time. How can that be fixed?
Upvotes: 1
Views: 1166
Answers (1)
Reputation: 829
Pretty old question, but I just ran into this problem too. You can solve this issue by editing "mod-evasive.conf" file.
<ifmodule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 20
DOSSiteCount 100
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir /var/log/mod_evasive
DOSEmailNotify [email protected]
DOSWhitelist 127.0.0.1
</ifmodule>
You have to play around with "DOSPageCount" and "DOSPageInterval". You should find the harmony between legal ajax calls and ddos attacks. Im sure there are some more professional solutions to fix this problem like giving exceptions for ajax files but I had no time yet to look around for more information. I hope it helps...
Upvotes: 2
Related Questions
- mod_evasive is not blocking IPs causing DoS, but is logging them
- Apache mod_evasive issues
- How to resolve jquery auto complete issue
- DOS-protection in Apache
- jQuery Auto complete issue
- jQuery autocomplete menu is jamming the server
- Request periodically coming back empty under race conditions
- apache html request parameters
- jQuery autocomplete - not sending request to server side on new inputs
- Jquery Autocomplete - Programmatic and hard coded response