There is a so-called slow reading attack. A post request is made from a large number of IP addresses to some form of the site, with little regularity, unlike a syn attack. These can also be multiple bots that collect information from the site and create an unwanted load. To block bots with this behavior, install the mod_evasive module.
Installation
Connecting the Epel repository
yum install epel-release
then in /etc/yum.repos.d/epel.repo you need to enable it, enabled=1
yum install mod_evasive
Settings
Let's open the configuration file, usually here /etc/httpd/conf.d/mod_evasive.conf and change the settings, since by default it is very sensitive and can block ordinary clients.
DOSHashTableSize 3097
DOSPageCount 10
DOSSiteCount 80
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 300
DOSEmailNotify user@domain.tld
DOSLogDir "/var/log/mod_evasive"
DOSWhitelist 127.0.0.1
Now you need to restart the apache service with the command
service httpd restart
No Comments Yet