SOLVED

Preventing DoS attacks using mod_rewrite in Apache httpd

Level 6

Hi Team,

Can someone suggest how we can prevent a site from a DoS attack using mod_rewrite in Apache httpd?

Regards

Manikantha R

1 Accepted Solution

Correct answer by
Community Advisor

@manikanthar1295 By configuring Sling, Adobe Dispatcher, a web application firewall, installing the latest security hotfixes and implementing a protected network environment, we can protect against DoS attacks.

  • Use the mod_rewrite module to perform URL validations (if the URL pattern rules are not too complex).

  • Prevent the Dispatcher from caching URLs with spurious extensions by using filters.
    For example, change the caching rules to limit caching to the expected MIME types, such as:

    • .html/.jpg/.gif/.swf/.js/.doc/.pdf/.ppt

To safely enable full functionality on the publish instances, configure filters to prevent access to the following nodes:

  • /etc/
  • /libs/

Then, configure filters to allow access to the following node paths:

  • /etc/designs/*
  • /etc/clientlibs/*
  • /etc/segmentation.segment.js
  • /libs/cq/personalization/components/clickstreamcloud/content/config.json
  • /libs/wcm/stats/tracker.js
  • /libs/cq/personalization/* (JS, CSS and JSON)
  • /libs/cq/security/userinfo.json (CQ user information)
  • /libs/granite/security/currentuser.json (data must not be cached)
  • /libs/cq/i18n/* (Internationalization)

Validate all these changes in a lower environment before implementing them in Production.

Reference link : https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/getting-started/security...

https://aemexperts.blogspot.com/2019/03/how-to-prevent-dos-attacks-in-aem.html

Regards,

Raja
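The three controls in the accepted answer (mod_rewrite URL validation, an extension allow-list, and deny-by-default on /etc/ and /libs/ with the listed exceptions) written out as an Apache httpd virtual host fragment. This is an added example, not configuration from the thread or from Adobe: the hostname, the selector cap, the extra static extensions (css, png, svg, ico, woff, woff2), the blocking of Sling depth selectors on .json, and the mod_headers rule are assumptions for illustration. On an AEM stack the /filter section of dispatcher.any stays the primary path control; these rewrites run in front of it.

```apache
# Added example: mod_rewrite URL validation in front of the AEM Dispatcher.
# Not from the thread or Adobe docs. www.example.com, the selector cap, the
# extra static extensions and the .json depth rule are assumptions.
<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine On

    # (1) Extension allow-list. Sling will render the same resource under any
    #     extension a client invents, and each one is a separate cache entry and
    #     a separate render on publish. Only the answer's list plus common static
    #     assets (assumed) may pass. Requests with no extension are left alone
    #     because Sling maps "/content/site/en" to the .html rendering itself.
    #     .json is included only so the allow-listed JSON endpoints below work.
    RewriteCond %{REQUEST_URI} \.[A-Za-z0-9]+$
    RewriteCond %{REQUEST_URI} !\.(html|jpe?g|gif|swf|js|doc|pdf|ppt|json|css|png|svg|ico|woff2?)$ [NC]
    RewriteRule .* - [F,L]

    # (2) Selector cap. "/page.a.b.c.html" carries three selectors and every
    #     distinct selector string is yet another cache miss. Reject a last path
    #     segment with more than two dot-separated parts before the extension
    #     (basename + 2 selectors + extension = 3 dot groups; 4 or more is denied).
    #     The pattern cannot cross "/" so it only ever counts the final segment.
    RewriteCond %{REQUEST_URI} [^/.]+(\.[^/.]+){4,}$
    RewriteRule .* - [F,L]

    # (3) Sling depth selectors (".infinity.json", ".-1.json", ".3.json") dump a
    #     whole subtree in one request; deny them outright (assumption: no site
    #     feature depends on them).
    RewriteCond %{REQUEST_URI} \.(-?[0-9]+|infinity)\.json$ [NC]
    RewriteRule .* - [F,L]

    # (4) Deny /etc/ and /libs/ by default, then exempt exactly the paths the
    #     answer allows. RewriteCond lines are ANDed, so the request is rejected
    #     only when it is under /etc/ or /libs/ AND matches none of the exemptions.
    RewriteCond %{REQUEST_URI} ^/(etc|libs)/
    RewriteCond %{REQUEST_URI} !^/etc/(designs|clientlibs)/
    RewriteCond %{REQUEST_URI} !^/etc/segmentation\.segment\.js$
    RewriteCond %{REQUEST_URI} !^/libs/cq/personalization/
    RewriteCond %{REQUEST_URI} !^/libs/wcm/stats/tracker\.js$
    RewriteCond %{REQUEST_URI} !^/libs/cq/security/userinfo\.json$
    RewriteCond %{REQUEST_URI} !^/libs/granite/security/currentuser\.json$
    RewriteCond %{REQUEST_URI} !^/libs/cq/i18n/
    RewriteRule .* - [F,L]

    # (5) The answer says currentuser.json must not be cached. Dispatcher decides
    #     what it stores; this header (mod_headers) keeps browsers and any CDN
    #     from caching it as well.
    <IfModule headers_module>
        <LocationMatch "^/libs/granite/security/currentuser\.json$">
            Header always set Cache-Control "private, no-store"
        </LocationMatch>
    </IfModule>

    # Everything that survived goes to the Dispatcher module.
    <IfModule disp_apache2.c>
        SetHandler dispatcher-handler
    </IfModule>
</VirtualHost>
```

Run `apachectl configtest` after adding it, then verify with curl from outside: `/content/site/en/page.a.b.c.html` and `/content/site/en.infinity.json` should return 403, `/libs/granite/security/currentuser.json` should return 200 with `Cache-Control: private, no-store`, and `/libs/cq/foo.json` should return 403. Also probe percent-encoded dots (`%2E`) and double-encoded variants, because the regexes above see the URI as Apache presents it and an encoding that slips through would land on the Dispatcher's own /filter rules, which must therefore stay fail-closed. Two things these rules do not cover: query strings, which bypass the Dispatcher cache unless `/ignoreUrlParams` covers them and so remain a DoS vector on their own, and request rate, which is a job for a CDN, WAF or a module such as mod_evasive.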

3 Replies

Level 2

Do you have a CDN in place (Akamai?)? The best way to handle DDoS is through a CDN.

Community Advisor

Hi @manikanthar1295, as @Rasheed said, the best practice for an AEM application to prevent DDoS attacks is via a CDN, either CloudFront on AWS with AWS WAF or Akamai, depending on the type of CDN you have. Still, if you want to prevent it at the Apache level, then you need to use the mod_evasive module in Apache; please refer to the link below.

https://scriptstown.com/how-to-protect-your-website-against-ddos-in-apache-web-server/

Regards,

Rajashankar
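A minimal mod_evasive configuration for the Apache-level rate limiting this reply points to, added here as an example rather than taken from the thread or the linked article. The thresholds, log directory, notification address, proxy range and whitelist are assumptions to tune per site, and the `<IfModule>` name depends on the build (mod_evasive24.c for Apache 2.4 packages, mod_evasive20.c for older ones). Apache config does not allow trailing comments on directive lines, so every comment sits on its own line.

```apache
# Added example: per-client-IP request-rate limiting with mod_evasive.
# Not from the thread; all values below are assumptions.

# If a CDN or load balancer sits in front of Apache, every request arrives from
# the proxy's addresses and mod_evasive would block the proxy, i.e. the whole
# site. Restore the real client IP first (mod_remoteip). Header name and the
# trusted proxy range are assumptions; trust only addresses you control.
<IfModule remoteip_module>
    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy 10.0.0.0/8
</IfModule>

<IfModule mod_evasive24.c>
    # Size of the per-child hash table of recent (client, URI) pairs; use a prime.
    DOSHashTableSize    3097

    # More than DOSPageCount requests for the SAME URI within DOSPageInterval
    # seconds from one client triggers a block. Catches the "hammer one heavy
    # page" pattern. Keep it above what a normal page load legitimately issues.
    DOSPageCount        5
    DOSPageInterval     1

    # More than DOSSiteCount requests for ANY URI within DOSSiteInterval seconds
    # from one client triggers a block. Must exceed the asset count of your
    # heaviest page, or first-time visitors get blocked.
    DOSSiteCount        100
    DOSSiteInterval     1

    # Seconds a blocked client keeps receiving 403; each further request during
    # the block restarts the timer.
    DOSBlockingPeriod   60

    # Directory must exist and be writable by the httpd user; a lock file per
    # blocked IP is written here.
    DOSLogDir           "/var/log/mod_evasive"

    # Optional alerting. Remove if the mailer is not configured on the host.
    DOSEmailNotify      ops@example.com

    # Monitoring and internal ranges (assumed). Never whitelist the CDN or the
    # load balancer, or the whole module is bypassed.
    DOSWhitelist        10.0.*.*
    DOSWhitelist        127.0.0.1
</IfModule>
```

Validate with the `test.pl` script shipped in the mod_evasive source, which fires a burst of requests at one URI and should start seeing 403s after DOSPageCount. Three caveats a practitioner should weigh before relying on this: the hash table is per Apache child process, so with prefork and many children the effective thresholds are multiplied; whether the module honours the mod_remoteip-corrected client address depends on the version (older builds read the TCP peer address), so test from behind your actual proxy; and it keys on source IP, which means a distributed attack or a large NATed office population both defeat it, which is the reason the thread recommends the CDN and WAF layer first.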
