It appears that my server is the target of a moderate DDOS attack from IP addresses in Brazil. I've implemented mod_evasive, which is doing a good job of identifying the attack requests, but the rate of rotation of the IPs is too great for mod_evasive to be of any real assistance.
The good news is that the DDOS attack is focused on requests for a couple of very specific .jpg files (which do not exist, of course).
I'm running apf.
Is there a way to configure my firewall to block http requests for these specific files, and/or to block only those IPs that request these specific files?
Thanks in advance for your help and ideas.
The good news is that the DDOS attack is focused on requests for a couple of very specific .jpg files (which do not exist, of course).
I'm running apf.
Is there a way to configure my firewall to block http requests for these specific files, and/or to block only those IPs that request these specific files?
Thanks in advance for your help and ideas.