How can I block a specific type of DDoS attack?

linux apache-2.2 firewall ddos

Use fail2ban. You can define the pattern and it will make iptables rules according that.


You may be served by putting in a limit to prevent post from the root. Especially if it is "never required by a normal user."

In an .htconfig in your root directory:

<LimitExcept GET>
 Require valid-user
</LimitExcept>

Which will tell it to require a logged-in user for any method but a simple GET (more details). Or if you just want to ban POST at the top:

<Limit POST>
  Deny from all
</Limit>

This will throw a 403-forbidden message, which should tell the scanners to not bother.

To remove the limit, in a directory where you actually want to allow POST:

<Limit POST>
  Allow from all
</Limit>

Related

tail -f : `tail: logfile.log: file truncated`
Yum: What is the @shortname for a Package Group?
Ubuntu lastlog only shows a few entries
When should one use EPEL 5 or EPEL 6?
how to cause linux system datetime to run faster than real world datetime?
Refresh /dev/sdx list
Apply Group Policy to Remote Desktop Services users but not when they log on to their local system
Finding Windows keys in use throughout corporation
Add Machine Key to machine.config in Load Balancing environment to multiple versions of .net framework
Deleted Apache access logs still taking up space
can I consolidate a multi-disk zfs zpool to a single (larger) disk?
SNMP bytes received disagrees with ifconfig