Apache include editor does not work

[benniblanco]

We are under dos attack and since about 7 days trying to figure out the way to mitigate it.
Softlayer box WHM 11.38.1 (build 15)


Installed few mods to protect ourself but none of them seem to have an effect on the zombie IP's

Today we fund a solution by redirecting them trough site root htaccess and it works.

RewriteEngine On

SetEnvIf User-Agent ".*MSIE 6.0; Windows NT 5.1; SV1.*" dontlog
RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1; SV1.$" [OR]
RewriteCond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1;1813.$" [OR]
RewriteCond %{HTTP_USER_AGENT} "^(?:User-Agent: )?Mozilla/4.0 \(compatible; MSIE 6.0; Windows NT 5.1;(?: SV1|1813)\)$" [OR] 
RewriteCond %{HTTP_USER_AGENT} "MSIE 6.0; Windows NT 5.1; SV1"
RewriteRule ^(.*)$ http://127.0.0.1/$1 [R=302,L]

But we want to do this on server level so we added the lines that work in htaccess in Include Editor and tested all 3 positions and none of them work. Soon as we remove those lines from htaccess
and put them in Include editor instead the IP's are not redirected anymore.

Just had Mike tech from SL try to figure this out for about 2h on the phone and we both came to a conclusion that the editor is not accepting the changes.

Mike also wanted to help us remove the redirect log for those IP's ( line one in code above combined with How To Tell Apache To Not Log Certain Requests In Its Access Log | HowtoForge - Linux Howtos and Tutorials ) but again include editor is not accepting the change

 

[quietFinn]

Apache include editor is a user interface to edit the files in directory /usr/local/apache/conf/includes
Do you mean that Apache include editor does not write your configurations in the config files in that directory?
Or do you mean that your configurations have no effect?

I have not tested rewrite rules in Apache config, but Apache documentation says this:

rewrite configurations are not inherited by virtual hosts. This means that you need to have a RewriteEngine on directive for each virtual host in which you wish to use rewrite rules.

mod_rewrite - Apache HTTP Server

 

[benniblanco]

here is where we must include any change that should affect http.config Screenshot by Lightshot, and we tested all 3 positions , none of them take affect. That code block works immediatly if placed in site_root/.htaccess

 

[kernow]

Your data center really should help you with DOS attacks on a hardware level.............
Software that can help DOS attacks are the CSF firewall ConfigServer Security & Firewall where you set a limit on the number of connections, and any more than that are dropped. Or dos-deflate (D)DoS Deflate - deflate.medialayer.com

 

[benniblanco]

Your data center really should help you with DOS attacks on a hardware level.............
Software that can help DOS attacks are the CSF firewall ConfigServer Security & Firewall where you set a limit on the number of connections, and any more than that are dropped. Or dos-deflate (D)DoS Deflate - deflate.medialayer.com

tell me about , I think is time to move

 

[cPanelMichael]

Hello

Try including the following lines in your custom Apache include:

RewriteLog "/usr/local/apache/logs/rewrite.log"
RewriteLogLevel 2

Then, check to see if the rewrites are logged to the "/usr/local/apache/logs/rewrite.log" file.

Thank you.

 

[cPanelKenneth]

Please ensure httpd.conf is rebuilt after using the include editor. Here is what worked for me:

1. Used the include editor to add the rewrite rules. I ensured it matched exactly what you had in the screen shot
2. Via the command line, I verified the rewrite rules were added to the proper include file:

$ cat /usr/local//apache/conf/includes/post_virtualhost_global.conf

3. Checked for presence of post_virtualhost_global.conf in httpd.conf:

$ grep post_virtualhost /usr/local/apache/conf/httpd.conf

4. Rebuilt httpd.conf to put the include file in place:

$ /scripts/rebuildhttpdconf

5. Repeated step 3:

$ grep post_virtualhost /usr/local/apache/conf/httpd.conf
Include "/usr/local/apache/conf/includes/post_virtualhost_global.conf"

6. Restart apache

/scripts/restartsrv_apache