SOLVED CSF (CONNLIMIT) configuration for production server

Discussion in 'Security' started by Rodrigo Gomes, Jan 10, 2017.

  1. Rodrigo Gomes

    Rodrigo Gomes Well-Known Member

    Hello guys,

    I am receiving a Slowloris attack and in an attempt to mitigate the attack I configured the CSF to:

    Code:
    CONNLIMIT = 80;75,443;75,21;50
    PORTFLOOD = 80;tcp;50;1,443;tcp;50;1
    This worked perfectly.
    I want to make this setting permanent, but I'm worried about legitimate bots being blocked.

    I have over one hundred hosted sites that get a lot of traffic. About 2 million unique accesses per day in all.
    What do you guys think? Is it safe to keep this setup on a production server?

    Note: I already use mod_reqtimeout + modsec, but it did not solve the problem.
    Mod_qos does not work for me because I use MPM Prefork.
    Mod_antiloris is very old and outdated.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Whitelisting the IP addresses of known bots that you want to ensure are allowed to access the server might be a viable option.

    Thank you.
     
  3. Rodrigo Gomes

    Rodrigo Gomes Well-Known Member

    Hello Michael

    This is a great idea, but in the case of Googlebot, there is no list of IPs.
    To identify Googlebot, it is necessary to resolve the IP.

    Do you think this rule in production can cause problems?
    Will any Google bot be able to make 75 simultaneous requests with a single IP some day?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    I don't believe the rule referenced in your original post should result in any issues with the Google Bot user agent based on a limit of 75; however, there's a page here you may find informative:

    Change Googlebot crawl rate - Search Console Help

    Thank you.
     
  5. Rodrigo Gomes

    Rodrigo Gomes Well-Known Member

    Hello @cPanelMichael,

    After almost two months, I decided to update this subject with my considerations:
    This limit works very well; I have had no problems with Googlebot so far, hosting more than 100 websites.
    Thanks to Google's good practice of hitting each site with a different IP, I believe that this limit will never generate problems with robots.

    And it is very rare for Google to make more than 15 simultaneous connections.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I'm happy to see it's working as intended. Thank you for updating us with the outcome.
     
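
One way to see which clients the CONNLIMIT value from the first post would affect before making it permanent, as an added example that is not part of the original thread: it counts current connections per source address on each limited port and flags addresses over or near the limit. The function names, the 80% warning ratio and the sample addresses are assumptions, and the socket table only approximates what the firewall's connection tracking counts.

```python
import sys
from collections import Counter

def parse_connlimit(value):
    """'80;75,443;75,21;50' -> {80: 75, 443: 75, 21: 50}"""
    pairs = (item.split(";") for item in value.strip('" ').split(",") if item.strip())
    return {int(port): int(limit) for port, limit in pairs}

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; also handles '[2001:db8::1]:443'."""
    addr, port = endpoint.rsplit(":", 1)
    return addr.strip("[]"), int(port)

def count_connections(lines, limits):
    """Count connections per (local port, peer address), limited ports only."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        try:
            _, local_port = split_endpoint(fields[2])
            peer_addr, _ = split_endpoint(fields[3])
        except (IndexError, ValueError):
            continue  # blank line, header row or anything not addr:port
        if local_port in limits:
            counts[(local_port, peer_addr)] += 1
    return counts

def report(lines, connlimit, warn_ratio=0.8):
    """Rows (port, peer, count, limit, status) at or above warn_ratio of the limit."""
    limits = parse_connlimit(connlimit)
    rows = []
    for (port, peer), n in sorted(count_connections(lines, limits).items()):
        limit = limits[port]
        if n > limit:
            rows.append((port, peer, n, limit, "OVER"))
        elif n >= limit * warn_ratio:
            rows.append((port, peer, n, limit, "NEAR"))
    return rows

# Constructed sample (documentation addresses), shaped like
# `ss -Htn state established`: Recv-Q Send-Q Local:Port Peer:Port
SAMPLE = (["0 0 203.0.113.10:80 198.51.100.7:%d" % (40000 + i) for i in range(76)]
          + ["0 0 203.0.113.10:443 [2001:db8::5]:%d" % (50000 + i) for i in range(62)]
          + ["0 0 203.0.113.10:80 192.0.2.44:%d" % (41000 + i) for i in range(15)]
          + ["0 0 203.0.113.10:22 192.0.2.9:50022"])

if __name__ == "__main__":
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    for row in report(lines, "80;75,443;75,21;50"):
        print("port %-4d %-39s %3d/%d %s" % row)
```

On a live server the input can be piped in, for example `ss -Htn state established | python3 connlimit_audit.py` (the script file name is hypothetical).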