Hi Team,
Can some one suggest me how we can prevent site from DoS attach using mod_rewrite in apache httpd.
Regards
Manikantha R
Solved! Go to Solution.
Views
Replies
Total Likes
@manikanthar1295 By configuring Sling, Adobe Dispatcher, a web application firewall, installing the latest security hotfixes and implementing a protected network environment - we can protect from DOS attack.
Use the mod_rewrite module to perform URL validations (if the URL pattern rules are not too complex).
Prevent the dispatcher from caching URLs with spurious extensions by using filters.
For example, change the caching rules to limit caching to the expected mime types, such as:
To safely enable full functionality on the publish instances, configure filters to prevent access to the following nodes:
Then, configure filters to allow access to the following node paths:
/etc/designs/*
/etc/clientlibs/*
/etc/segmentation.segment.js
/libs/cq/personalization/components/clickstreamcloud/content/config.json
/libs/wcm/stats/tracker.js
/libs/cq/personalization/* (JS, CSS and JSON)
/libs/cq/security/userinfo.json (CQ user information)
/libs/granite/security/currentuser.json (data must not be cached)
/libs/cq/i18n/* (Internalization)
Validate all these changes in lower environment before before implementing in Production.
Reference link : https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security...
https://aemexperts.blogspot.com/2019/03/how-to-prevent-dos-attacks-in-aem.html
Regards,
Raja
do you have a CDN in place (Akamai ?) the best way to handle DDoS is through CDN.
Hi @manikanthar1295 As @Rasheed the best practise for AEM application to prevent DDOS attacks is via CDN either you use Cloud Front AWS with AWS WAF or use Akamai depending on type of CDN you have.Still if you want to prevent at apache level then you need to use ModEvasive module in Apache please refer below.
https://scriptstown.com/how-to-protect-your-website-against-ddos-in-apache-web-server/
Regards,
Rajashankar
@manikanthar1295 By configuring Sling, Adobe Dispatcher, a web application firewall, installing the latest security hotfixes and implementing a protected network environment - we can protect from DOS attack.
Use the mod_rewrite module to perform URL validations (if the URL pattern rules are not too complex).
Prevent the dispatcher from caching URLs with spurious extensions by using filters.
For example, change the caching rules to limit caching to the expected mime types, such as:
To safely enable full functionality on the publish instances, configure filters to prevent access to the following nodes:
Then, configure filters to allow access to the following node paths:
/etc/designs/*
/etc/clientlibs/*
/etc/segmentation.segment.js
/libs/cq/personalization/components/clickstreamcloud/content/config.json
/libs/wcm/stats/tracker.js
/libs/cq/personalization/* (JS, CSS and JSON)
/libs/cq/security/userinfo.json (CQ user information)
/libs/granite/security/currentuser.json (data must not be cached)
/libs/cq/i18n/* (Internalization)
Validate all these changes in lower environment before before implementing in Production.
Reference link : https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security...
https://aemexperts.blogspot.com/2019/03/how-to-prevent-dos-attacks-in-aem.html
Regards,
Raja
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies