Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Configure mod_request_timeout and mod_qos to mitigate slow HTTP ddos attacks

Discussion in 'Security' started by meeven, Oct 12, 2015.

  1. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    Our web site has been experiencing a ddos attack for the last 18 hours and we have taken some steps to mitigate it that have helped, including redirecting traffic through CloudFlare.

    However, the attack continues and we would like to enable and configure mod_request_timeout and mod_qos as per the following article:
    How To Mitigate Slow HTTP DoS Attacks in Apache HTTP Server - Acunetix

    I know the modules can be enabled through EasyApache, but it's not clear where/how to edit those config files. Do we put those directives in a pre or post virtual host include for the domain being attacked. Or, could this go into the .htaccess file at the web root of the domain?
     
    #1 meeven, Oct 12, 2015
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,936
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Oct 13, 2015
  3. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    Thanks very much for explaining where this should go. I wasn't aware of the cPanel help page on Slowloris attacks, either.

    One problem on my set up - I can't install mod_qos because I am using mod_rui2, which disables the former.

    For anyone else following this thread: you should install mod_reqtimeout as a custom module before being able to select it in the Exhaustive Options list in EasyApache. This page explains how to add the module to the server:
    Custom Modules - EasyApache - cPanel Documentation
     
    #3 meeven, Oct 13, 2015
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,214
    Likes Received:
    1,936
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    I am happy to see the document was helpful. Thank you for updating us with the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Oct 14, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Configure mod_request_timeout mod_qos
  1. Mustafa Chapal

    Configure Exim to Send Email From a Subaccount

    Mustafa Chapal, Nov 1, 2018, in forum: E-mail Discussion
    Replies:
    3
    Views:
    87
    cPanelMichael
    Nov 5, 2018
  2. Nurs1927

    Configure mod_remoteip for Cloudflare?

    Nurs1927, Oct 23, 2018, in forum: General Discussion
    Replies:
    9
    Views:
    186
    cPanelLauren
    Nov 6, 2018
  3. SamL

    SOLVED [CPANEL-22560] AutoSSL Warning - Skipping duplicate domains (misconfigured?)

    SamL, Oct 18, 2018, in forum: Security
    Replies:
    1
    Views:
    148
    cPanelFelipe
    Oct 19, 2018
  4. Dedan Irungu

    How to Configure many servers to work as one?

    Dedan Irungu, Oct 8, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    97
    cPanelLauren
    Oct 9, 2018
  5. Nurs1927

    Properly configure PHP7.2 with PHP-FPM On?

    Nurs1927, Oct 7, 2018, in forum: EasyApache
    Replies:
    9
    Views:
    204
    cPanelLauren
    Oct 9, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice