0

I need to block simultaneous requests to multiple sites using ModSecurity
For example sometimes an IP address try to access multiple sites URLs in same time, which most of them are hacker or robots:

121.122.123.124 site1.com GET /index.php?route=old/wp-includes
121.122.123.124 site2.com GET /finance/paymentreceipt
121.122.123.124 site3.com GET /help/sign-in
121.122.123.124 site4.com GET /flashs/agreement_docs2
121.122.123.124 site2.com GET /administrator/includes
121.122.123.124 site3.com GET /orderOnline/uploads/
121.122.123.124 site5.com GET /media/cibadministrator

Appreciate for any help

Farhad Sakhaei
  • 894
  • 10
  • 28

1 Answers1

1

The DoS protection part of the OWASP ModSecurity Core Rule Set may help you.

Could you check if this answer could be helpful for you:

Do OWASP CRS modsecurity rules prevent DOS as in these 2 scenarios?

The counter is set per IP address. More information can also be found in the DoS protection rule file of CRS.

franbuehler
  • 435
  • 2
  • 8
  • I think it is related to just one address, not multiple address at same time , isn't it? – Farhad Sakhaei May 05 '21 at 09:24
  • The counter is set per IP address. This means it also works for multiple addresses. I will update my answer and add a link to the rule file. You'll find more information there. – franbuehler May 05 '21 at 11:21
  • Thank you, what do you think about best DOS & DDOS protection between mod_evasive, modsecurity, csf or other option, which one is best? – Farhad Sakhaei May 05 '21 at 13:43
  • To be honest, I'm not familiar with mod_evasive. But I found this link named [Apache2 mod_evasive vs mod_security with OWASP crs when protecting against DDOS?](https://stackoverflow.com/questions/19631981/apache2-mod-evasive-vs-mod-security-with-owasp-crs-when-protecting-against-ddos) which might give you more information. – franbuehler May 07 '21 at 15:43