DevSecOps Now!!!

Email – ashwani.cotocus@gmail.com

Best practices to followed in .httacess to avoid DDOS attack?

Posted by

rajeshkumarin

Here are some best practices that you can follow in .htaccess to help prevent DDoS attacks:

  1. Limit access to your site: Use the following lines in your .htaccess file to restrict access to your site only to users with specific IP addresses: Replace “123.123.123.123” with the IP address(es) that you want to allow access to your site. This will help to prevent DDoS attacks by blocking requests from other IP addresses.
Order Deny,Allow
Deny from all
Allow from 123.123.123.123

2. Limit HTTP requests: Use the following lines in your .htaccess file to limit the number of HTTP requests that can be made to your site: This will limit the number of requests that can be made to your site, preventing DDoS attacks that overload your server with too many requests.

<IfModule mod_qos.c>
  # Set a limit of 100 requests per second
  QS_LimitRequestBody 102400
  QS_SrvMaxConnPerIP 100
</IfModule>

3. Enable caching: Use the following lines in your .htaccess file to enable caching of static content on your site: This will help to reduce the load on your server by caching static content and serving it from the cache instead of generating it each time it is requested.

<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 year"
  ExpiresByType image/gif "access plus 1 month"
  ExpiresByType image/png "access plus 1 month"
  ExpiresByType image/jpeg "access plus 1 month"
  ExpiresByType text/css "access plus 1 week"
  ExpiresByType text/javascript "access plus 1 week"
  ExpiresByType application/javascript "access plus 1 week"
  ExpiresByType application/x-javascript "access plus 1 week"
</IfModule>

4. Enable mod_security: Use the following lines in your .htaccess file to enable mod_security, which provides additional protection against DDoS attacks: This will enable mod_security and remove the “941100” rule, which is known to cause false positives.

<IfModule mod_security.c>
  SecRuleEngine On
  SecRule REQUEST_METHOD "^(?:GET|HEAD|POST)$" \
    "id:1234,phase:1,t:none,nolog,pass,ctl:ruleRemoveById=941100"
</IfModule>

5. Use a CDN: Consider using a content delivery network (CDN) to distribute your content and help mitigate DDoS attacks. A CDN can help to distribute the load across multiple servers and provide additional protection against DDoS attacks.

Post Views: 194

rajeshkumarin

Subscribe
Notify of
guest
2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Manuel castro
Manuel castro
9 months ago

Gracias por Compartir información valiosísima para ayudar a la seguridad web

0
Reply
Kristina
Kristina
29 days ago

Thanks A Lot , what I needed them my personal blog, seems to be a requests blog for Honkong hackers:)) LOVE from sweden

0
Reply

Follow Us

Recent Posts

Categories

Tags

Api command Devops Drupal Drupal 10 Error features of PHP Git github How How PHP Works & Architecture How to Install and Configure PHP laravel laravel 10 Laravel Error Linux livewire MySql Penetration Testing php Solution top use cases of PHP What What are the features of PHP What is PHP What is the top use cases of PHP What is the workflow of PHP Why workflow of PHP Xampp

2
0
Would love your thoughts, please comment.x
()
x