When excluding images with mod_dosdetector, I want dynamic images to be targeted for DoS attack detection.

Asked 2 years ago, Updated 2 years ago, 61 views

I would like to take measures against dos with the apache module mod_dosdetector.

The environment to be applied is the web server where the java servlet is running.

Restricted access is not all access to the server, but
Access to Servlet actions is primary and
Access to image files stored in the image directory on the same server is not considered a DOS attack and should not be restricted.

Therefore, in the DoSIgnoreContentType configuration item of mod_dosdetector,
I'm trying to make it happen.
If you specify a content type, the image is not subject to restriction without any problems.
when accessing Servlet actions If the jsp returned by the action returns an image of the same server to the client,
The access itself is no longer restricted.

Is there any way to deal with this situation?

Thank you for your cooperation.

apache

2022-09-30 14:36

1 Answers

After a quick look at the source code, the context of the DoSDetection directive can be a "directory", so you can do DoSDetection Off with static images.(Unconfirmed)

<Directory/path/to/static/image/dir>
    DoSDetection Off
</Directory>


2022-09-30 14:36

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.