Short Story:
I got a page on my website with lots of <img src="getMyImage.php?Id=18311766"/>-elements to basicly display a long list of pictures (with other stuff read from the database). Due to the many calls mod_evasive triggers and not all images are displayed anymore.
More Details:
- It's just a private page for friends and family, but obviously I can't just whitelist IPs to solve the problem.
- I did it like that, because I didn't want to expose the pictures to "the world" even in the unlikely case, that someone guesses the correct url: The file itself isn't served by configuration. The php-File confirms login before returning the picture.
- There are not more than about max ~400 pictures = calls per outer site call.
Is it just meant to be like this and I just need to make mod_evasive less aggressive by increasing the number of allowed requests? A least I didn't find another configuration option.
It's not like I allready had an attack...but from a learning perspective I'd like to do the things right ;)
