Question

How i can prevent a lot of get requests on apache

How i can prevent this type of requests on my server? I’m using a program “webserver stress toll 8” to generate them but can’t prevent and block this access. I try to user mod_evasive on apache and fail2ban, but my settings doesnt work.

191.184.247.88 - - [15/Oct/2016:20:36:59 -0400] "GET /grupos-com-guia.php HTTP/1.0" 200 49027 "-" "Mozilla/5.0 (compatible; Webserver Stress Tool 8; Windows); (simulated_by_Webserver_Stress_Tool)"
191.184.247.88 - - [15/Oct/2016:20:36:59 -0400] "GET /grupos-com-guia.php HTTP/1.0" 200 49027 "-" "Mozilla/5.0 (compatible; Webserver Stress Tool 8; Windows); (simulated_by_Webserver_Stress_Tool)"
191.184.247.88 - - [15/Oct/2016:20:36:59 -0400] "GET /grupos-com-guia.php HTTP/1.0" 200 49027 "-" "Mozilla/5.0 (compatible; Webserver Stress Tool 8; Windows); (simulated_by_Webserver_Stress_Tool)"
191.184.247.88 - - [15/Oct/2016:20:36:59 -0400] "GET /grupos-com-guia.php HTTP/1.0" 200 49027 "-" "Mozilla/5.0 (compatible; Webserver Stress Tool 8; Windows); (simulated_by_Webserver_Stress_Tool)"
191.184.247.88 - - [15/Oct/2016:20:36:59 -0400] "GET /grupos-com-guia.php HTTP/1.0" 200 49027 "-" "Mozilla/5.0 (compatible; Webserver Stress Tool 8; Windows); (simulated_by_Webserver_Stress_Tool)"
191.184.247.88 - - [15/Oct/2016:20:36:59 -0400] "GET /grupos-com-guia.php HTTP/1.0" 200 49027 "-" "Mozilla/5.0 (compatible; Webserver Stress Tool 8; Windows); (simulated_by_Webserver_Stress_Tool)"
Subscribe
Share

Can you share the fail2ban rules you’re using? It should be possible to prevent these attempts with a tool like fail2ban by only allowing so many requests before blocking access. Do you have a configured firewall on your droplet? If so, what rules if any are you using currently?


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Sorry to see that your question hasn’t received an answer yet. Unfortunately, after this much time, it is unlikely that an answer for this specific question will be provided. For people still landing here via search, check out this tutorial on getting started with Fail2Ban and Apache:

You might also be interested in mod_ratelimit It has been included with Apache since version 2.4. Though it sets limits based on bandwidth usage rather than individual GET requests. See: http://httpd.apache.org/docs/2.4/mod/mod_ratelimit.html