evilive
Reputation: 996
Apache: mod_evasive triggering due to own page design
Short Story:
I got a page on my website with lots of <img src="getMyImage.php?Id=18311766"/>-elements to basicly display a long list of pictures (with other stuff read from the database). Due to the many calls mod_evasive triggers and not all images are displayed anymore.
More Details:
- It's just a private page for friends and family, but obviously I can't just whitelist IPs to solve the problem.
- I did it like that, because I didn't want to expose the pictures to "the world" even in the unlikely case, that someone guesses the correct url: The file itself isn't served by configuration. The php-File confirms login before returning the picture.
- There are not more than about max ~400 pictures = calls per outer site call.
Is it just meant to be like this and I just need to make mod_evasive less aggressive by increasing the number of allowed requests? A least I didn't find another configuration option.
It's not like I allready had an attack...but from a learning perspective I'd like to do the things right ;)
Upvotes: 2
Views: 201
Answers (0)
Related Questions
- Apache mod evasive leads to permission denied of index.php
- mod_evasive not working on Apache 2.4.6
- Apache mod_evasive issues
- Apache mod_evasive whitelist is not working properlly.
- Why am I getting the error message "No match for argument: mod_evasive"?
- ModEvasive on Ubuntu 12.04 LTS broken?
- Dynamically-generated PHP script doesn't parse; straight-code does
- Broken PHP page security
- Disable PHP script execution on HTML file from a php include
- Prevent server behaviour : executing scripts without extension