sample.conf
# ------------------------------------------------------------
# mod_doscontrol - sample configuration
# ------------------------------------------------------------
# This module is configured at server/vhost scope.
# It blocks abusive clients based on request rate per page and per site.
# When a client is blocked, it can also log, send mail, run a command,
# and optionally delay the response to slow the attacker down.
# ------------------------------------------------------------
# Size of the internal hash table used to store hit counters.
# Larger values help when you expect many unique clients.
DOSHashTableSize 3097
# Maximum number of requests to the same URI within DOSPageInterval seconds
# before the client is considered abusive.
DOSPageCount 12
# Maximum number of requests to the whole site within DOSSiteInterval seconds
# before the client is considered abusive.
DOSSiteCount 60
# Time window in seconds for per-page counting.
DOSPageInterval 1
# Time window in seconds for site-wide counting.
DOSSiteInterval 1
# How long, in seconds, a client stays blocked after a violation.
DOSBlockingPeriod 30
# HTTP response code returned to blocked clients.
# Supported values: 403 or 429.
DOSResponseCode 429
# Extra delay applied to blocked responses, in milliseconds.
# This does not change the status code; it just slows down the reply.
# Use 0 to disable.
DOSBlockDelay 250
# Main log file for module events.
# Each block/allow/mail/command event is written here.
DOSMainLog /var/log/apache2/mod_doscontrol.log
# Directory used to store incident cache files.
# One file per blocked client will be created here.
DOSCacheDir /tmp/mod_doscontrol
# Optional email address for notifications when a client gets blocked.
# The module will try to send a mail message to this address.
# The module uses the default "/bin/mail %s" mailer.
DOSEmailNotify admin@example.com
# Optional system command to run when a client gets blocked.
# "%s" is replaced with the client IP.
# "%%" becomes a literal percent sign.
# Keep this simple and safe. Do not feed untrusted shell logic here.
DOSSystemCommand /usr/local/bin/notify-block.sh %s
# ------------------------------------------------------------
# Whitelist rules
# ------------------------------------------------------------
# Whitelisted IPs are never checked against the block logic.
# Supports plain IPs, wildcards, and IPv4 CIDR.
#
# Examples:
# 203.0.113.10 -> exact IP
# 203.0.113.* -> wildcard match
# 198.51.100.0/24 -> CIDR network
DOSWhitelistIP 127.0.0.1
DOSWhitelistIP 192.168.1.*
DOSWhitelistIP 10.0.0.0/8
DOSWhitelistIP 203.0.113.10
# Whitelisted User-Agents are also skipped.
# Matching is case-insensitive and supports * and ? wildcards.
#
# Examples:
# curl* -> anything starting with curl
# *HealthChecker* -> any agent containing that string
# Mozilla/5.? -> version-style matching
DOSWhitelistUA curl*
DOSWhitelistUA *HealthChecker*
DOSWhitelistUA Mozilla/5.?
# ------------------------------------------------------------
# Custom levels
# ------------------------------------------------------------
# These let you override request limits for selected URI patterns.
# The module uses the most specific matching pattern.
#
# Each level has:
# - a count value
# - one or more URI patterns
#
# Pattern notes:
# /api/* -> prefix match for a whole subtree
# /login.php -> exact path
# /admin/? -> single-character wildcard
#
# Level 1: strict limit for sensitive endpoints
DOSCustomLevelCount1 3
DOSCustomLevelAdd1 /login
DOSCustomLevelAdd1 /admin/*
DOSCustomLevelAdd1 /api/auth/*
# Level 2: slightly higher limit for important pages
DOSCustomLevelCount2 5
DOSCustomLevelAdd2 /cart
DOSCustomLevelAdd2 /checkout
DOSCustomLevelAdd2 /account/*
# Level 3: medium limit for normal dynamic pages
DOSCustomLevelCount3 10
DOSCustomLevelAdd3 /search
DOSCustomLevelAdd3 /news/*
DOSCustomLevelAdd3 /products/*
# Level 4: looser limit for heavier but still public content
DOSCustomLevelCount4 20
DOSCustomLevelAdd4 /gallery/*
DOSCustomLevelAdd4 /download/*
DOSCustomLevelAdd4 /blog/*
# Level 5: very loose limit for selected large sections
DOSCustomLevelCount5 40
DOSCustomLevelAdd5 /assets/*
DOSCustomLevelAdd5 /static/*
DOSCustomLevelAdd5 /media/*
# ------------------------------------------------------------
# Notes
# ------------------------------------------------------------
# - If DOSBlockDelay is 0, blocked requests are answered immediately.
# - If DOSResponseCode is 429, clients get "Too Many Requests".
# - If DOSResponseCode is 403, clients get "Forbidden".
# - If DOSMainLog or DOSCacheDir are not set, module defaults are used.
# - Custom level counts are used as both page and site limits for matching URIs.
# ------------------------------------------------------------
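The following script is an added illustration and is not part of mod_doscontrol or its sample.conf: it is a dry-run model that parses the directives above, applies the whitelist and custom-level rules as the comments describe them, and replays a constructed request stream to show which clients the policy would block and with which status code. It assumes (1) a constructed excerpt of the sample with only the directives the model reads, (2) fixed counting windows that reset once DOSPageInterval or DOSSiteInterval has elapsed, (3) that a client becomes abusive once its count exceeds the configured maximum, (4) that "most specific pattern" means the matching pattern with the most literal (non-wildcard) characters, and (5) shell-style wildcard semantics via fnmatch, so `*` spans path separators as the "/api/*" subtree note implies. The real module's counting and tie-breaking may differ; the names `parse_conf`, `ip_whitelisted`, `ua_whitelisted`, `custom_limit` and `simulate` are this example's own.

```python
"""Dry-run model of the mod_doscontrol sample policy (added illustration,
not the module's code): parse the directives, then replay requests."""
import fnmatch
import ipaddress
import re

# Constructed excerpt of sample.conf with only the directives this model uses.
SAMPLE_CONF = """
DOSPageCount 12
DOSSiteCount 60
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 30
DOSResponseCode 429
DOSWhitelistIP 192.168.1.*
DOSWhitelistIP 10.0.0.0/8
DOSWhitelistUA *HealthChecker*
DOSCustomLevelCount1 3
DOSCustomLevelAdd1 /login
DOSCustomLevelAdd1 /admin/*
"""

def parse_conf(text):
    """Collect whitelist entries, custom levels and scalar settings."""
    conf = {"whitelist_ip": [], "whitelist_ua": [], "levels": {}}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key, value = line.split(None, 1)
        if key == "DOSWhitelistIP":
            conf["whitelist_ip"].append(value)
        elif key == "DOSWhitelistUA":
            conf["whitelist_ua"].append(value)
        elif m := re.fullmatch(r"DOSCustomLevel(Count|Add)(\d+)", key):
            lvl = conf["levels"].setdefault(int(m.group(2)), {"count": None, "patterns": []})
            if m.group(1) == "Count":
                lvl["count"] = int(value)
            else:
                lvl["patterns"].append(value)
        else:  # scalars such as DOSPageCount; paths and commands stay strings
            conf[key] = int(value) if value.isdigit() else value
    return conf

def ip_whitelisted(ip, patterns):
    """Exact IP, '*' wildcard, or IPv4 CIDR, as the sample describes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p, strict=False) if "/" in p
               else fnmatch.fnmatchcase(ip, p) for p in patterns)

def ua_whitelisted(ua, patterns):
    """Case-insensitive match with '*' and '?' wildcards."""
    return any(fnmatch.fnmatchcase(ua.lower(), p.lower()) for p in patterns)

def custom_limit(uri, levels):
    """Count of the most specific matching level pattern, else None."""
    # Assumption: specificity = number of literal (non-wildcard) characters.
    hits = [(sum(ch not in "*?" for ch in pat), lvl["count"])
            for lvl in levels.values() for pat in lvl["patterns"]
            if fnmatch.fnmatchcase(uri, pat)]
    return max(hits)[1] if hits else None

def simulate(events, conf_text=SAMPLE_CONF):
    """Replay (ts, ip, uri, ua) events; return the status each would get.
    Assumed model: fixed windows; abusive once count exceeds the limit."""
    c = parse_conf(conf_text)
    page, site, blocked_until = {}, {}, {}   # per (ip, uri), per ip, per ip

    def bump(table, key, ts, interval):
        start, count = table.get(key, (ts, 0))
        if ts - start >= interval:           # window expired: start a new one
            start, count = ts, 0
        table[key] = (start, count + 1)
        return count + 1

    statuses = []
    for ts, ip, uri, ua in events:
        if ip_whitelisted(ip, c["whitelist_ip"]) or ua_whitelisted(ua, c["whitelist_ua"]):
            statuses.append(200)             # whitelisted: never counted
            continue
        if blocked_until.get(ip, -1.0) > ts:
            statuses.append(c["DOSResponseCode"])
            continue
        limit = custom_limit(uri, c["levels"])
        # A custom level count replaces both the page and the site limit.
        page_limit = c["DOSPageCount"] if limit is None else limit
        site_limit = c["DOSSiteCount"] if limit is None else limit
        if (bump(page, (ip, uri), ts, c["DOSPageInterval"]) > page_limit
                or bump(site, ip, ts, c["DOSSiteInterval"]) > site_limit):
            blocked_until[ip] = ts + c["DOSBlockingPeriod"]
            statuses.append(c["DOSResponseCode"])
        else:
            statuses.append(200)
    return statuses
```

To dry-run the real file instead of the excerpt, pass its contents as `conf_text` (for example `simulate(events, open("sample.conf").read())`); directives the model does not use, such as DOSHashTableSize, DOSMainLog, DOSEmailNotify and DOSSystemCommand, are parsed and ignored. Replaying a day of access-log tuples this way before enabling the module shows whether a custom level such as the count of 3 on /login would also catch legitimate clients, which is the check worth doing before the block, mail and command actions are live.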