Configure mod_request_timeout and mod_qos to mitigate slow HTTP ddos attacks

meeven

Well-Known Member
May 8, 2007
132
2
168
Our web site has been experiencing a ddos attack for the last 18 hours and we have taken some steps to mitigate it that have helped, including redirecting traffic through CloudFlare.

However, the attack continues and we would like to enable and configure mod_request_timeout and mod_qos as per the following article:
How To Mitigate Slow HTTP DoS Attacks in Apache HTTP Server - Acunetix

I know the modules can be enabled through EasyApache, but it's not clear where/how to edit those config files. Do we put those directives in a pre or post virtual host include for the domain being attacked. Or, could this go into the .htaccess file at the web root of the domain?
 

meeven

Well-Known Member
May 8, 2007
132
2
168
Thanks very much for explaining where this should go. I wasn't aware of the cPanel help page on Slowloris attacks, either.

One problem on my set up - I can't install mod_qos because I am using mod_rui2, which disables the former.

For anyone else following this thread: you should install mod_reqtimeout as a custom module before being able to select it in the Exhaustive Options list in EasyApache. This page explains how to add the module to the server:
Custom Modules - EasyApache - cPanel Documentation
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
I am happy to see the document was helpful. Thank you for updating us with the outcome.