The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Configure mod_request_timeout and mod_qos to mitigate slow HTTP ddos attacks

Discussion in 'Security' started by meeven, Oct 12, 2015.

  1. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    166
    Our web site has been experiencing a ddos attack for the last 18 hours and we have taken some steps to mitigate it that have helped, including redirecting traffic through CloudFlare.

    However, the attack continues and we would like to enable and configure mod_request_timeout and mod_qos as per the following article:
    How To Mitigate Slow HTTP DoS Attacks in Apache HTTP Server - Acunetix

    I know the modules can be enabled through EasyApache, but it's not clear where/how to edit those config files. Do we put those directives in a pre or post virtual host include for the domain being attacked. Or, could this go into the .htaccess file at the web root of the domain?
     
    #1 meeven, Oct 12, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,700
    Likes Received:
    1,139
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    #2 cPanelMichael, Oct 13, 2015
  3. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    166
    Thanks very much for explaining where this should go. I wasn't aware of the cPanel help page on Slowloris attacks, either.

    One problem on my set up - I can't install mod_qos because I am using mod_rui2, which disables the former.

    For anyone else following this thread: you should install mod_reqtimeout as a custom module before being able to select it in the Exhaustive Options list in EasyApache. This page explains how to add the module to the server:
    Custom Modules - EasyApache - cPanel Documentation
     
    #3 meeven, Oct 13, 2015
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    35,700
    Likes Received:
    1,139
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    I am happy to see the document was helpful. Thank you for updating us with the outcome.
     
    #4 cPanelMichael, Oct 14, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Configure mod_request_timeout mod_qos
  1. PeteS

    Unable to configure shared IPv6

    PeteS, Jun 19, 2017, in forum: Bind / DNS / Nameserver Issues
    Replies:
    6
    Views:
    95
    cPanelMichael
    Jun 20, 2017
  2. Jafar Muhammed

    How to configure mod_proxy on cPanel

    Jafar Muhammed, May 17, 2017, in forum: EasyApache
    Replies:
    2
    Views:
    116
    cPanelMichael
    May 23, 2017
  3. jeff brown

    SOLVED Configure cPanel for non webhosting company

    jeff brown, May 2, 2017, in forum: General Discussion
    Replies:
    6
    Views:
    217
    jeff brown
    May 3, 2017
  4. Jerald Feller

    SOLVED Manually configured apache/httpd.conf removed on apache update

    Jerald Feller, Apr 7, 2017, in forum: EasyApache
    Replies:
    3
    Views:
    243
    Jerald Feller
    Apr 9, 2017
  5. Ajibola Samo

    Configure outlook

    Ajibola Samo, Apr 6, 2017, in forum: E-mail Discussions
    Replies:
    1
    Views:
    115
    cPanelMichael
    Apr 6, 2017

Share This Page