Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Preventing DoS attack using mod_rewrite in appache httd

manikanthar1295
Level 5
Level 5

Hi Team,

 

Can some one suggest me how we can prevent site from  DoS attach using mod_rewrite in apache httpd.

 

Regards

Manikantha R

1 Accepted Solution
Raja-kp
Correct answer by
Level 7
Level 7

@manikanthar1295 By configuring Sling, Adobe Dispatcher, a web application firewall, installing the latest security hotfixes and implementing a protected network environment - we can protect from DOS attack.

 

  • Use the mod_rewrite module to perform URL validations (if the URL pattern rules are not too complex).

  • Prevent the dispatcher from caching URLs with spurious extensions by using filters.
    For example, change the caching rules to limit caching to the expected mime types, such as:

    • .html/.jpg/.gif/.swf/.js/.doc/.pdf/.ppt

    To safely enable full functionality on the publish instances, configure filters to prevent access to the following nodes:

  • /etc/
  • /libs/

Then, configure filters to allow access to the following node paths:

  • /etc/designs/*

  • /etc/clientlibs/*

  • /etc/segmentation.segment.js

  • /libs/cq/personalization/components/clickstreamcloud/content/config.json

  • /libs/wcm/stats/tracker.js

  • /libs/cq/personalization/* (JS, CSS and JSON)

  • /libs/cq/security/userinfo.json (CQ user information)

  • /libs/granite/security/currentuser.json (data must not be cached)

  • /libs/cq/i18n/* (Internalization)

Validate all these changes in lower environment before before implementing in Production.

Reference link : https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security...

https://aemexperts.blogspot.com/2019/03/how-to-prevent-dos-attacks-in-aem.html

 

 

Regards,

Raja

View solution in original post

3 Replies
Rasheedcg
Level 2
Level 2

do you have a CDN in place (Akamai ?) the best way to handle DDoS is through CDN.

Rajashankar
Level 4
Level 4

Hi @manikanthar1295  As @Rasheedcg  the best practise for AEM application to prevent DDOS attacks is via CDN either you use Cloud Front AWS with AWS WAF or use Akamai depending on type of CDN you have.Still if you want to prevent at apache level then you need to use ModEvasive module in Apache please refer below.

https://scriptstown.com/how-to-protect-your-website-against-ddos-in-apache-web-server/

Regards,

Rajashankar

 

Raja-kp
Correct answer by
Level 7
Level 7

@manikanthar1295 By configuring Sling, Adobe Dispatcher, a web application firewall, installing the latest security hotfixes and implementing a protected network environment - we can protect from DOS attack.

 

  • Use the mod_rewrite module to perform URL validations (if the URL pattern rules are not too complex).

  • Prevent the dispatcher from caching URLs with spurious extensions by using filters.
    For example, change the caching rules to limit caching to the expected mime types, such as:

    • .html/.jpg/.gif/.swf/.js/.doc/.pdf/.ppt

    To safely enable full functionality on the publish instances, configure filters to prevent access to the following nodes:

  • /etc/
  • /libs/

Then, configure filters to allow access to the following node paths:

  • /etc/designs/*

  • /etc/clientlibs/*

  • /etc/segmentation.segment.js

  • /libs/cq/personalization/components/clickstreamcloud/content/config.json

  • /libs/wcm/stats/tracker.js

  • /libs/cq/personalization/* (JS, CSS and JSON)

  • /libs/cq/security/userinfo.json (CQ user information)

  • /libs/granite/security/currentuser.json (data must not be cached)

  • /libs/cq/i18n/* (Internalization)

Validate all these changes in lower environment before before implementing in Production.

Reference link : https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security...

https://aemexperts.blogspot.com/2019/03/how-to-prevent-dos-attacks-in-aem.html

 

 

Regards,

Raja