- 论坛徽章:
- 0
|
mod_security 可以做到
## 达到阀值,侧封锁对象若干时长
SecRequestBodyAccess On
SecRuleEngine On
SecStatusEngine On
SecDataDir /tmp/modsecurity
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus ^5
SecAuditLogParts ABIFHZ
SecAuditLogType Serial
SecAuditLog /var/log/httpd/modsec_audit.log
SecAction "phase:1,nolog,pass,initcol:ip=%{REQUEST_URI},id:1002"
SecRule IP:REQUEST_COUNT "@ge 5" "phase:1,pass,nolog,skip:1,id:1003 setvar:ip.blocked=1,expirevar:ip.blocked=60"
SecAction "phase:1,pass,setvar:ip.request_count=+1,id:1004,expirevar:ip.request_count=60"
SecRule IP:BLOCKED "@eq 1" "phase:1,pause:1000,deny,log,status:509,setenv:RATELIMITED,skip:1,id:1005"
Header always set Retry-After "10" env=RATELIMITED
ErrorDocument 509 "Rate Limit Exceeded" |
|