Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Configure mod_request_timeout and mod_qos to mitigate slow HTTP ddos attacks

Discussion in 'Security' started by meeven, Oct 12, 2015.

  1. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    Our web site has been experiencing a ddos attack for the last 18 hours and we have taken some steps to mitigate it that have helped, including redirecting traffic through CloudFlare.

    However, the attack continues and we would like to enable and configure mod_request_timeout and mod_qos as per the following article:
    How To Mitigate Slow HTTP DoS Attacks in Apache HTTP Server - Acunetix

    I know the modules can be enabled through EasyApache, but it's not clear where/how to edit those config files. Do we put those directives in a pre or post virtual host include for the domain being attacked. Or, could this go into the .htaccess file at the web root of the domain?
     
    #1 meeven, Oct 12, 2015
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,704
    Likes Received:
    1,883
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Oct 13, 2015
  3. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    132
    Likes Received:
    1
    Trophy Points:
    168
    Thanks very much for explaining where this should go. I wasn't aware of the cPanel help page on Slowloris attacks, either.

    One problem on my set up - I can't install mod_qos because I am using mod_rui2, which disables the former.

    For anyone else following this thread: you should install mod_reqtimeout as a custom module before being able to select it in the Exhaustive Options list in EasyApache. This page explains how to add the module to the server:
    Custom Modules - EasyApache - cPanel Documentation
     
    #3 meeven, Oct 13, 2015
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,704
    Likes Received:
    1,883
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    I am happy to see the document was helpful. Thank you for updating us with the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Oct 14, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Configure mod_request_timeout mod_qos
  1. rfc001

    Configure Web Disk Manually using IP

    rfc001, Sep 17, 2018 at 3:46 PM, in forum: General Discussion
    Replies:
    6
    Views:
    61
    rfc001
    Sep 18, 2018 at 2:08 PM
  2. aseptik

    Configure server to send and receive emails

    aseptik, Sep 11, 2018, in forum: E-mail Discussion
    Replies:
    1
    Views:
    78
    cPanelMichael
    Sep 12, 2018
  3. Amirhossein Matini

    Configure Background Process Killer from Command line

    Amirhossein Matini, Aug 9, 2018, in forum: Security
    Replies:
    2
    Views:
    87
    cPanelLauren
    Aug 13, 2018
  4. bloatedstoat

    SOLVED AutoSSL spews HTML when DNS configured for remote website

    bloatedstoat, Aug 7, 2018, in forum: Security
    Replies:
    2
    Views:
    81
    bloatedstoat
    Aug 9, 2018
  5. jimlongo

    SOLVED Error: ASL has not been configured

    jimlongo, Jul 4, 2018, in forum: Security
    Replies:
    4
    Views:
    392
    jimlongo
    Jul 5, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice