The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

MOD_Security - How to block excessive search request?

Discussion in 'Security' started by lvlarvinpo, Feb 5, 2013.

  1. lvlarvinpo

    lvlarvinpo Registered

    Joined:
    Feb 5, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Masters,

    I am new here. I am having almost same problem except that there are random characters included on each request.
    Recently my MySQL is always down due to massive search request. I thought of blocking search request if done several times.
    the request pattern is:
    HEAD /?s=RandomCharactersGoesHere HTTP/1.1
    HEAD /?s=xzsdfrdsv HTTP/1.1

    I think tquang's post #3 code is helpful to me. I hope you can help me doing a working a MOD_Security rule.

    BTW. I am using apache 2 and modsec 2.* (latest version).

    Regards,

    Marvin
     
  2. lvlarvinpo

    lvlarvinpo Registered

    Joined:
    Feb 5, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,
    I am new here. I am also learning Modsec programming.
    I have a problem with my sites. They are often down due to MySQL Database connection error. This is due to excessive search request by different client/IPs. Is there a way to block excessive search request?
    Ex condition: if a client requests more than 2 requests per second then Block for 60 seconds.

    Here's the Patern:
    HEAD /?s=<RandomCharacterGoesHere> HTTP/1.1
    HEAD /?s=zmshfjdhgs HTTP/1.1

    Possible trigger string "/?s="

    I am using apache2 and modsec2.

    I hope you can help me with this.

    regards,
    Marvin
     
  3. lvlarvinpo

    lvlarvinpo Registered

    Joined:
    Feb 5, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
  4. Greenhost

    Greenhost Well-Known Member

    Joined:
    Jan 22, 2013
    Messages:
    92
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page