Configure mod_request_timeout and mod_qos to mitigate slow HTTP ddos attacks

[meeven]

Our web site has been experiencing a ddos attack for the last 18 hours and we have taken some steps to mitigate it that have helped, including redirecting traffic through CloudFlare.

However, the attack continues and we would like to enable and configure mod_request_timeout and mod_qos as per the following article:
How To Mitigate Slow HTTP DoS Attacks in Apache HTTP Server - Acunetix

I know the modules can be enabled through EasyApache, but it's not clear where/how to edit those config files. Do we put those directives in a pre or post virtual host include for the domain being attacked. Or, could this go into the .htaccess file at the web root of the domain?

 

[cPanelMichael]

Hello

You can add the values to the /usr/local/apache/conf/includes/pre_main_global.conf file and rebuild the Apache configuration file via:

/scripts/rebuildhttpdconf

This document should help:

How To Mitigate Slowloris Attacks - EasyApache - cPanel Documentation

Thank you.

 

[meeven]

Thanks very much for explaining where this should go. I wasn't aware of the cPanel help page on Slowloris attacks, either.

One problem on my set up - I can't install mod_qos because I am using mod_rui2, which disables the former.

For anyone else following this thread: you should install mod_reqtimeout as a custom module before being able to select it in the Exhaustive Options list in EasyApache. This page explains how to add the module to the server:
Custom Modules - EasyApache - cPanel Documentation

 

[cPanelMichael]

I am happy to see the document was helpful. Thank you for updating us with the outcome.