Mod Security & Firewall
I am experiencing DoS attack attempts that are not being blocked, despite having OWASP ModSecurity rules installed and active. The problematic traffic comes from websites hosted on cPanel accounts using Nginx. I am unsure if the use of Nginx is causing these rules to be bypassed. Does anyone know if this could be the issue and how I might configure ModSecurity to cover all traffic? Or should I consider addressing this security concern using a firewall like nftables
? I appreciate any guidance or advice you can offer.
Thank you in advance.
-
Hey there! I wouldn't expect ModSecurity to do much of anything to stop a DoS. ModSecurity is a Web Application Firewall, so it tries to block certain content from being sent through the webserver, but doesn't protect the server from DoS-like activity.
If the DoS is smaller in scale you may be able to use a tool like mod_evasive to help block some of those connections:
https://support.cpanel.net/hc/en-us/articles/360053581353-How-to-install-mod-evasive
If the DoS is larger, you may need to look into third-party tools, such as external hardware firewalls or Cloudflare.
0
Please sign in to leave a comment.
Comments
1 comment