SOLVED CSF (CONNLIMIT) configuration for production server

Rodrigo Gomes

Well-Known Member
Apr 6, 2016
128
29
78
Brazil
cPanel Access Level
Root Administrator
Hello guys,

I am receiving a Slowloris attack and in an attempt to mitigate the attack I configured the CSF to:

Code:
CONNLIMIT = 80;75,443;75,21;50
PORTFLOOD = 80;tcp;50;1,443;tcp;50;1
This worked perfectly.
I want to make this setting permanent, but I'm worried about legitimate bots being blocked.

I have over one hundred hosted sites that get a lot of traffic. About 2 million unique accesses per day in all.
What do you guys think? Is it safe to keep this setup on a production server?

Note: I already use mod_reqtimeout + modsec, but it did not solve the problem.
Mod_qos does not work for me because I use MPM Prefork.
Mod_antiloris is very old and outdated.
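
One way to check the worry raised in the post above before making the limit permanent, as an added example that is not part of the original thread: parse the CONNLIMIT value and count connections per source IP in a snapshot of `ss -tn` output. The function names and the sample snapshot are constructed for illustration, and counting sockets from `ss` only approximates what the firewall's connection tracking sees.

```python
"""Dry-run a CSF CONNLIMIT value against a snapshot of `ss -tn` output."""
from collections import Counter

def parse_connlimit(value):
    """'80;75,443;75,21;50' -> {80: 75, 443: 75, 21: 50}"""
    limits = {}
    for item in value.strip('"').split(","):
        port, limit = item.split(";")
        limits[int(port)] = int(limit)
    return limits

def count_connections(ss_output):
    """Count connections per (local port, peer IP) in `ss -tn` style lines."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # skip the header row and blank lines
        local_port = int(fields[3].rsplit(":", 1)[1])
        peer_ip = fields[4].rsplit(":", 1)[0].strip("[]")  # also handles [IPv6]:port
        counts[(local_port, peer_ip)] += 1
    return counts

def over_limit(connlimit, ss_output):
    """Return {(port, ip): count} for sources strictly above the configured limit."""
    limits = parse_connlimit(connlimit)
    return {key: n for key, n in count_connections(ss_output).items()
            if key[0] in limits and n > limits[key[0]]}

def sample_snapshot():
    """Constructed data (documentation IP ranges), not a real capture."""
    header = "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
    row = "ESTAB 0 0 203.0.113.10:{port} {ip}:{sport}"
    rows = [row.format(port=80, ip="198.51.100.7", sport=40000 + i) for i in range(90)]
    rows += [row.format(port=443, ip="198.51.100.20", sport=50000 + i) for i in range(15)]
    rows += [row.format(port=21, ip="192.0.2.44", sport=60000 + i) for i in range(50)]
    return "\n".join([header] + rows)

if __name__ == "__main__":
    hits = over_limit("80;75,443;75,21;50", sample_snapshot())
    for (port, ip), n in sorted(hits.items()):
        print(f"port {port}: {ip} holds {n} connections (over limit)")
```

Running it against real `ss -tn` snapshots taken at peak traffic shows whether any crawler or proxy address comes close to the configured limits.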
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
> I want to make this setting permanent, but I'm worried about legitimate bots being blocked.

Hello,

Whitelisting the IP addresses of known bots that you want to ensure are allowed to access the server might be a viable option.

Thank you.
 

Rodrigo Gomes

> Hello,
>
> Whitelisting the IP addresses of known bots that you want to ensure are allowed to access the server might be a viable option.
>
> Thank you.

Hello Michael

This is a great idea, but in the case of Googlebots, there is no list of IPs.
To identify the Googlebot, it is necessary to resolve the IP.

Do you think this rule in production can cause problems?
Will any Googlebot be able to make 75 simultaneous requests with a single IP some day?
 

cPanelMichael

> Do you think this rule in production can cause problems?
> Will any Googlebot be able to make 75 simultaneous requests with a single IP some day?

I don't believe the rule referenced in your original post should result in any issues with the Google Bot user agent based on a limit of 75; however, there's a page here you may find informative:

Change Googlebot crawl rate - Search Console Help

Thank you.
 

Rodrigo Gomes

Hello @cPanelMichael,

After almost two months, I decided to update this subject with my considerations:
This limit works very well; I have had no problems with Googlebot so far while hosting more than 100 websites.
Thanks to Google's good practice of hitting each site with a different IP, I believe that this limit will never generate problems with robots.

And it is very rare for Google to make more than 15 simultaneous connections.
 

cPanelMichael

Hello,

I'm happy to see it's working as intended. Thank you for updating us with the outcome.
 