How to minimise effect of mischievous, persistent POST requests

security apache-2.2 mod-rewrite ddos .htaccess

if you have root-access to that machine you could deploy snort/suricata with a limited ruleset, e.g. detect and block POST - requests.

pro:

  • works on network-level
  • ips can be blocked for a certain ammount of time

con:

  • not-so-easy to setup and maintain, should be done by someone who knows how/what to do

easier: setup nginx infront of your apache and process your 403 from there, while passing valid requests to apache

pro:

  • easy setup
  • can handle more requests than apache
  • limit-rate might be used on a ip-level

con:

  • must be tested

Related

Why do I get prompted for "Data Source Credentials" when editing a SSRS report for SCCM?
Multi-user bzr server
Slow boot and dns doesn't work
Preserve response headers in NGINX load balancer
Remove Server 2012 Remote Access Server
Repair corrupt GPT partition on graid mini disk
Nginx location regex is not matching
HP 5500 switch manual states SNMP traps impact performance and advises against their use unless "necessary" - why?
How to configure Postfix to only send out emails with a certain header?
Optimization XFS on Linux guest in Hyper-V (VHDX)
Brocade mirror ports
Too many invalid handles in System process