Preventing DoS attack using mod_rewrite in Apache httpd | Community
manikanthar1295
Level 5
December 16, 2021
Solved

Preventing DoS attack using mod_rewrite in Apache httpd

  • December 16, 2021
  • 3 replies
  • 1208 views

Hi Team,

Can someone suggest how we can protect the site from DoS attacks using mod_rewrite in Apache httpd?

Regards

Manikantha R

Best answer by Raja-Karuppsamy

@manikanthar1295 By configuring Sling, Adobe Dispatcher, and a web application firewall, installing the latest security hotfixes, and implementing a protected network environment, we can protect from DoS attacks.

  • Use the mod_rewrite module to perform URL validations (if the URL pattern rules are not too complex).

  • Prevent the dispatcher from caching URLs with spurious extensions by using filters.
    For example, change the caching rules to limit caching to the expected MIME types, such as:

    • .html/.jpg/.gif/.swf/.js/.doc/.pdf/.ppt

To safely enable full functionality on the publish instances, configure filters to prevent access to the following nodes:

  • /etc/

  • /libs/

Then, configure filters to allow access to the following node paths:

  • /etc/designs/*

  • /etc/clientlibs/*

  • /etc/segmentation.segment.js

  • /libs/cq/personalization/components/clickstreamcloud/content/config.json

  • /libs/wcm/stats/tracker.js

  • /libs/cq/personalization/* (JS, CSS and JSON)

  • /libs/cq/security/userinfo.json (CQ user information)

  • /libs/granite/security/currentuser.json (data must not be cached)

  • /libs/cq/i18n/* (Internationalization)

Validate all these changes in a lower environment before implementing them in Production.

Reference links:

https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security-checklist.html

https://aemexperts.blogspot.com/2019/03/how-to-prevent-dos-attacks-in-aem.html

Regards,

Raja
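
The URL validation and the /etc, /libs deny-then-allow filtering described in the answer above, written as mod_rewrite rules for the Apache virtual host in front of the dispatcher. This is an added example, not part of the original post or Adobe's shipped configuration; the `/content/` prefix and the rule that rejects unlisted extensions are assumptions made for illustration.

```apache
# Added example: constructed rules, to be adapted and tested in a lower environment.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Step 1: let the allowlisted /etc and /libs paths through unchanged.
    # Order matters: this rule must come before the deny rule in step 2.
    RewriteCond %{REQUEST_URI} ^/etc/(designs|clientlibs)/ [OR]
    RewriteCond %{REQUEST_URI} ^/etc/segmentation\.segment\.js$ [OR]
    RewriteCond %{REQUEST_URI} ^/libs/cq/personalization/components/clickstreamcloud/content/config\.json$ [OR]
    RewriteCond %{REQUEST_URI} ^/libs/wcm/stats/tracker\.js$ [OR]
    RewriteCond %{REQUEST_URI} ^/libs/cq/personalization/.+\.(js|css|json)$ [OR]
    RewriteCond %{REQUEST_URI} ^/libs/cq/security/userinfo\.json$ [OR]
    RewriteCond %{REQUEST_URI} ^/libs/granite/security/currentuser\.json$ [OR]
    RewriteCond %{REQUEST_URI} ^/libs/cq/i18n/
    RewriteRule ^ - [L]

    # Step 2: everything else under /etc/ and /libs/ gets 403 Forbidden.
    RewriteCond %{REQUEST_URI} ^/(etc|libs)(/|$)
    RewriteRule ^ - [F]

    # Step 3 (assumption: site pages live under /content/): reject URLs whose
    # extension is not in the expected list, so requests with spurious
    # extensions are answered by Apache and never reach the dispatcher cache
    # or the publish instance.
    RewriteCond %{REQUEST_URI} ^/content/
    RewriteCond %{REQUEST_URI} !\.(html|jpg|gif|swf|js|doc|pdf|ppt)$ [NC]
    RewriteRule ^ - [F]
</IfModule>
```

Rejecting a request at this layer costs one regex match, whereas a request that passes through is rendered by the publish instance, which is why the validation is placed in front of the dispatcher.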

3 replies

Level 2
December 17, 2021

Do you have a CDN in place (Akamai?)? The best way to handle DDoS is through a CDN.

RajaShankar
Community Advisor
December 17, 2021

Hi @manikanthar1295, as @rasheed said, the best practice for an AEM application to prevent DDoS attacks is via a CDN: either use AWS CloudFront with AWS WAF or use Akamai, depending on the type of CDN you have. If you still want to prevent it at the Apache level, then you need to use the ModEvasive module in Apache; please refer to the link below.

https://scriptstown.com/how-to-protect-your-website-against-ddos-in-apache-web-server/

Regards,

Rajashankar

 

Raja-Karuppsamy
Community Advisor
Accepted solution
December 25, 2021
