Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Preventing DoS attack using mod_rewrite in appache httd

Avatar

Level 6
Level 6
12/16/21 5:56:12 AM

Hi Team,

 

Can some one suggest me how we can prevent site from  DoS attach using mod_rewrite in apache httpd.

 

Regards

Manikantha R

Views

797

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
12/24/21 10:50:47 PM

@manikanthar1295 By configuring Sling, Adobe Dispatcher, a web application firewall, installing the latest security hotfixes and implementing a protected network environment - we can protect from DOS attack.

 

  • Use the mod_rewrite module to perform URL validations (if the URL pattern rules are not too complex).

  • Prevent the dispatcher from caching URLs with spurious extensions by using filters.
    For example, change the caching rules to limit caching to the expected mime types, such as:

    • .html/.jpg/.gif/.swf/.js/.doc/.pdf/.ppt

    To safely enable full functionality on the publish instances, configure filters to prevent access to the following nodes:

  • /etc/
  • /libs/

Then, configure filters to allow access to the following node paths:

  • /etc/designs/*

  • /etc/clientlibs/*

  • /etc/segmentation.segment.js

  • /libs/cq/personalization/components/clickstreamcloud/content/config.json

  • /libs/wcm/stats/tracker.js

  • /libs/cq/personalization/* (JS, CSS and JSON)

  • /libs/cq/security/userinfo.json (CQ user information)

  • /libs/granite/security/currentuser.json (data must not be cached)

  • /libs/cq/i18n/* (Internalization)

Validate all these changes in lower environment before before implementing in Production.

Reference link : https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security...

https://aemexperts.blogspot.com/2019/03/how-to-prevent-dos-attacks-in-aem.html

 

 

Regards,

Raja

View solution in original post

Views

760

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Level 2
Level 2
12/16/21 4:11:45 PM

do you have a CDN in place (Akamai ?) the best way to handle DDoS is through CDN.

Views

790

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
12/17/21 11:20:05 AM

Hi @manikanthar1295  As @Rasheed  the best practise for AEM application to prevent DDOS attacks is via CDN either you use Cloud Front AWS with AWS WAF or use Akamai depending on type of CDN you have.Still if you want to prevent at apache level then you need to use ModEvasive module in Apache please refer below.

https://scriptstown.com/how-to-protect-your-website-against-ddos-in-apache-web-server/

Regards,

Rajashankar

 

Views

784

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
12/24/21 10:50:47 PM

@manikanthar1295 By configuring Sling, Adobe Dispatcher, a web application firewall, installing the latest security hotfixes and implementing a protected network environment - we can protect from DOS attack.

 

  • Use the mod_rewrite module to perform URL validations (if the URL pattern rules are not too complex).

  • Prevent the dispatcher from caching URLs with spurious extensions by using filters.
    For example, change the caching rules to limit caching to the expected mime types, such as:

    • .html/.jpg/.gif/.swf/.js/.doc/.pdf/.ppt

    To safely enable full functionality on the publish instances, configure filters to prevent access to the following nodes:

  • /etc/
  • /libs/

Then, configure filters to allow access to the following node paths:

  • /etc/designs/*

  • /etc/clientlibs/*

  • /etc/segmentation.segment.js

  • /libs/cq/personalization/components/clickstreamcloud/content/config.json

  • /libs/wcm/stats/tracker.js

  • /libs/cq/personalization/* (JS, CSS and JSON)

  • /libs/cq/security/userinfo.json (CQ user information)

  • /libs/granite/security/currentuser.json (data must not be cached)

  • /libs/cq/i18n/* (Internalization)

Validate all these changes in lower environment before before implementing in Production.

Reference link : https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security...

https://aemexperts.blogspot.com/2019/03/how-to-prevent-dos-attacks-in-aem.html

 

 

Regards,

Raja

Views

761

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
SEO Best Practices for Dyamic Pages in AEM Solved

Views

111

Likes

0

Replies

3
Page Published details getting updated in Timelines of Page edit after content updated on Page AEM6.5 on-Premise

Views

71

Likes

0

Replies

4
Using AEM to pull data from RTCDP

Views

44

Likes

0

Replies

1
Displaying the span id in HTL

Views

62

Likes

0

Replies

2
Displaying the span id in HTL

Views

42

Likes

0

Replies

1