Here is a way to protect your LAMP server from a Post Flooding DDoS attack.

Steps:

Set up Fail2Ban and IPTables by following instructions here.

Create a new file named /etc/fail2ban/filter.d/apache-postflood.conf with the following content:
```ini
[Definition]
# match every POST request line in the access log
failregex = ^<HOST> .*\"POST [^\"]+\"
# matches this example line:
# 202.120.209.38 - - [16/Dec/2015:11:27:32 +1000] "POST /index.php HTTP/1.0" 302 270 "-" "-"
#
# don't ignore anything
ignoreregex =
```
Next, add the following to the bottom of /etc/fail2ban/jail.local:

```ini
[apache-postflood]
enabled = true
# block these ports
port=http,https
# filter in /etc/fail2ban/filter.d/apache-postflood.conf
filter = apache-postflood
# or path to your Apache log files
logpath = /var/log/apache/*_access_log
# look-back window, in seconds
findtime = 20
# number of matching POST requests within findtime that triggers a ban
maxretry = 10
```
The above will block all IPs which try to post more than […]
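An added example, not part of the original post: a Python sketch that applies the filter's failregex to constructed access-log lines and models the jail's findtime/maxretry thresholds, so the rule can be checked before it is deployed. The `<HOST>` expansion is simplified to IPv4, the ban rule (ban once an address has maxretry matches within findtime seconds) is a simplified model of Fail2Ban's counting, and the function names and sample addresses are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex from apache-postflood.conf. <HOST> is expanded with a simplified
# IPv4-only group (assumption: Fail2Ban's own expansion covers more forms).
FAILREGEX = r'^<HOST> .*\"POST [^\"]+\"'
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
STAMP = re.compile(r"\[([^\]]+)\]")
FINDTIME, MAXRETRY = 20, 10  # values from the [apache-postflood] jail


def post_hit(line):
    """Return (host, epoch_seconds) if the line matches the filter, else None."""
    m, ts = PATTERN.search(line), STAMP.search(line)
    if not (m and ts):
        return None
    when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("host"), when.timestamp()


def would_ban(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Simplified model: ban a host at maxretry matches within findtime seconds."""
    recent, banned = defaultdict(deque), set()
    for line in lines:
        hit = post_hit(line)
        if hit is None:
            continue
        host, t = hit
        window = recent[host]
        window.append(t)
        while window and t - window[0] > findtime:  # drop matches outside the window
            window.popleft()
        if len(window) >= maxretry:
            banned.add(host)
    return banned


def sample_log():
    """Constructed access-log lines using documentation-range IPs, not real traffic."""
    fmt = '{ip} - - [16/Dec/2015:11:27:{s:02d} +1000] "{verb} /index.php HTTP/1.0" 302 270 "-" "-"'
    flood = [fmt.format(ip="203.0.113.7", s=s, verb="POST") for s in range(12)]
    slow = [fmt.format(ip="198.51.100.9", s=s, verb="POST") for s in range(0, 60, 10)]
    gets = [fmt.format(ip="192.0.2.44", s=s, verb="GET") for s in range(30)]
    return flood + slow + gets


if __name__ == "__main__":
    print(sorted(would_ban(sample_log())))
```

The regex counts every POST, including legitimate form submissions, so the thresholds should be tuned against normal traffic for the site. On the server itself, `fail2ban-regex` can run the same filter file against the real access log.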