Textpattern CMS support forum

#16 Today 12:03:27

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 5,226

Re: Approaches against DDoS attacks?

Thanks. There’s an option in Cloudflare to add a rate limit that blocks, for example, IPs if a certain number of requests are sent in a certain time period to a particular URL pattern, and for a certain amount of time. That all happens before the request is sent to the actual server, so htaccess doesn’t apply yet.

Cloudflare’s free plan has some limitations, as far as I can tell, versus a paid plan. Firstly, you can only set one rate-limit rule. I only seem to be able to limit a single IP to {user-set-number} of requests in 10 seconds. That IP will then be blocked for 10 seconds. My attempts to set that rule haven’t trapped any requests. Either I’ve set it wrongly (quite possible) or that happens because either:

  • the many requests are spread across multiple IPs so that a single one doesn’t send so many requests in quick succession.
  • my previous country-based / ASN-IP-Address Block filter had already blocked requests

I started with a geographic (Singapore) blocking rule, then looked at the IPs and while they varied, Cloudflare showed that they all belong to Bytedance. They all share an AS Number, which Cloudflare shows you. You can add a block rule per AS-N, so I did that and placed it before the geographic filter. It trapped pretty much everything.


TXP Builders – finely-crafted code, design and txp
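
Added example, not part of jakob's post and not Cloudflare's code: a simplified sliding-window counter run over constructed request data, showing why a per-IP limit of N requests in 10 seconds can stay silent when the traffic is spread across many addresses, while the same count grouped by AS number stands out. The threshold, IP addresses (documentation ranges) and AS numbers (private-use range) are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # counting period named in the post
THRESHOLD = 5         # hypothetical stand-in for {user-set-number}

def constructed_requests():
    """Constructed sample: (timestamp_s, client_ip, asn) tuples.
    IPs are documentation ranges, ASNs are private-use numbers."""
    reqs = []
    # 40 crawler addresses in one network, each sending one request every 8 s
    for i in range(40):
        for k in range(3):
            reqs.append((k * 8 + i * 0.2, f"198.51.100.{i + 1}", 64512))
    # one ordinary visitor in a different network
    for t in (1.0, 4.0, 9.0, 15.0):
        reqs.append((t, "203.0.113.7", 64513))
    return sorted(reqs)

def keys_over_threshold(requests, key_index,
                        window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return the keys (IP or ASN) that send more than `threshold`
    requests within any sliding `window` seconds."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    flagged = set()
    for req in requests:
        ts, key = req[0], req[key_index]
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] >= window:   # drop timestamps that aged out
            q.popleft()
        if len(q) > threshold:
            flagged.add(key)
    return flagged

def compare(requests):
    """Apply the same limit twice: keyed by client IP, then by AS number."""
    return {
        "per_ip": keys_over_threshold(requests, 1),
        "per_asn": keys_over_threshold(requests, 2),
    }

if __name__ == "__main__":
    result = compare(constructed_requests())
    print("IPs over threshold: ", sorted(result["per_ip"]))
    print("ASNs over threshold:", sorted(result["per_asn"]))
```

Run against your own access log (with an IP-to-ASN lookup of your choice) to see whether a per-IP rule could ever trigger before deciding between a rate limit and an AS-number block.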
