Limited Time Offer!
For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!
Here are some best practices that you can follow in .htaccess to help prevent DDoS attacks:
- Limit access to your site: Use the following lines in your .htaccess file to restrict access to your site only to users with specific IP addresses: Replace “123.123.123.123” with the IP address(es) that you want to allow access to your site. This will help to prevent DDoS attacks by blocking requests from other IP addresses.
Order Deny,Allow
Deny from all
Allow from 123.123.123.123
2. Limit HTTP requests: Use the following lines in your .htaccess file to limit the number of HTTP requests that can be made to your site: This will limit the number of requests that can be made to your site, preventing DDoS attacks that overload your server with too many requests.
<IfModule mod_qos.c>
# Set a limit of 100 requests per second
QS_LimitRequestBody 102400
QS_SrvMaxConnPerIP 100
</IfModule>
3. Enable caching: Use the following lines in your .htaccess file to enable caching of static content on your site: This will help to reduce the load on your server by caching static content and serving it from the cache instead of generating it each time it is requested.
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 year"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
ExpiresByType application/javascript "access plus 1 week"
ExpiresByType application/x-javascript "access plus 1 week"
</IfModule>
4. Enable mod_security: Use the following lines in your .htaccess file to enable mod_security, which provides additional protection against DDoS attacks: This will enable mod_security and remove the “941100” rule, which is known to cause false positives.
<IfModule mod_security.c>
SecRuleEngine On
SecRule REQUEST_METHOD "^(?:GET|HEAD|POST)$" \
"id:1234,phase:1,t:none,nolog,pass,ctl:ruleRemoveById=941100"
</IfModule>
5. Use a CDN: Consider using a content delivery network (CDN) to distribute your content and help mitigate DDoS attacks. A CDN can help to distribute the load across multiple servers and provide additional protection against DDoS attacks.
Gracias por Compartir información valiosÃsima para ayudar a la seguridad web
Thanks A Lot , what I needed them my personal blog, seems to be a requests blog for Honkong hackers:)) LOVE from sweden