Block Single IP requesting multiple domains
Posted: 29 Nov 2022, 00:01
I'm getting a lot of single IP's hitting multiple domains on a server in a DDOS attack. Something like this - 1x IP (sometimes 3, 4 or more) calling:
domain1/index.php
domain2/index.php
domain3/index.php
domain4/index.php
etc
Often they will call 20 url's on the single domain and hit 5,10,20 domains at once, over loading the server. Some of the URL's exist, some don't.
A simple way to block this, is to auto block any IP that hits more than x url's/second and/or x Domains/second. Needs to be an over ride option to allow for CDN's and the odd genuine reason for doing so.
domain1/index.php
domain2/index.php
domain3/index.php
domain4/index.php
etc
Often they will call 20 url's on the single domain and hit 5,10,20 domains at once, over loading the server. Some of the URL's exist, some don't.
A simple way to block this, is to auto block any IP that hits more than x url's/second and/or x Domains/second. Needs to be an over ride option to allow for CDN's and the odd genuine reason for doing so.