Per Client Throttling not working

stmx

New Member
#1
CentOS 7 and OpenLiteSpeed 1.6.21

I set the request limits, Static Requests/second and Dynamic, to 1/sec at the Virtual Host level.
Bad guys make 15 requests/second and the HTTP reply code is always 200. How can I make it work?
 

stmx

New Member
#4
Yes, I am using CloudFlare and added its IP as trusted.
Does this mean anybody from CloudFlare is now trusted and I cannot protect my site from DDoS? I just need the real visitors' IPs.

I use nginx on another server and have never had problems like this. My server is under an HTTP flood; in nginx I can just use "limit req zone" to allow 1 req/sec. For some reason it's not working in LiteSpeed, so my site is overloaded and cannot work stably right now.
 

stmx

New Member
#5
Can I install nginx as a front end before LiteSpeed to filter DDoS like this? I cannot find example nginx vhost settings for this. I cannot filter DDoS on LiteSpeed efficiently, but LiteSpeed has fast PHP. If I can set up nginx+LiteSpeed I can mitigate the attack, because nginx has more settings which can be changed depending on the conditions, cookies, request marks, etc.
 

Cold-Egg

Administrator
#9
I just did the same test; it seems like a bug in OpenLiteSpeed. We will update you once we have fixed it. In the meantime, please try to turn on LSCache, reCaptcha, or Cloudflare under attack mode.
 
#12
How can I update?

Code:
[root@ns3197971 logs]# yum search openlitespeed
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * epel: ftp.icm.edu.pl
====================================== N/S matched: openlitespeed ======================================
openlitespeed.x86_64 : OpenLiteSpeed
openlitespeed14.x86_64 : OpenLiteSpeed adds more options to open source community
openlitespeed-asan.x86_64 : ASAN
openlitespeed-debug.x86_64 : Debug
openlitespeed-prof.x86_64 : Prof
 
#14
OK, thank you. It looks like it's working now.
If I hit Per Client Throttling, CloudFlare shows an error: "Web server is returning an unknown error".

How can I monitor blocked requests in the access log? The Anti-DDoS Blocked IP Count in the UI is always 0.
 
#15
The problem is that if I hit Per Client Throttling I always see the Cloudflare error, but in the logs the HTTP code is 200.
So the site remains inaccessible for my IP until I reload LiteSpeed.
 
#16
For some reason the error is displayed periodically after I hit the restriction. I set 2 for dynamic and 5 for static and tried to load a page with 1 image.
Sometimes I see the error "Web server is returning an unknown error", but in the logs it's always 200 OK.
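
One way to check from the access log whether the per-client limits discussed in this thread are being enforced, as an added example that is not part of the original posts or of OpenLiteSpeed itself. It assumes a combined-format access log whose first field is the client IP the server throttles on; the regex, the static extension list, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed combined-format access log line; adjust the regex to your log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumption: requests for these extensions count against the static limit.
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".jpeg", ".gif", ".ico", ".svg")


def over_limit(lines, static_limit=5, dynamic_limit=2):
    """Return [(ip, second, kind, count, statuses)] for every one-second
    bucket in which a client made more requests than the configured limit."""
    buckets = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        path = m["path"].split("?", 1)[0].lower()
        kind = "static" if path.endswith(STATIC_EXT) else "dynamic"
        # The timestamp has one-second resolution, so it is the bucket key.
        buckets[(m["ip"], m["ts"], kind)].append(int(m["status"]))
    limits = {"static": static_limit, "dynamic": dynamic_limit}
    hits = []
    for (ip, ts, kind), statuses in sorted(buckets.items()):
        if len(statuses) > limits[kind]:
            # The status codes show whether over-limit requests were still served.
            hits.append((ip, ts, kind, len(statuses), sorted(set(statuses))))
    return hits


# Constructed sample lines (documentation address ranges), not from the thread.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2020:10:00:01 +0000] '
    '"GET /index.php?p=%d HTTP/1.1" 200 512 "-" "x"' % i
    for i in range(4)
] + [
    '198.51.100.9 - - [12/Mar/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "x"',
    '198.51.100.9 - - [12/Mar/2020:10:00:01 +0000] "GET /a.png HTTP/1.1" 200 99 "-" "x"',
]

if __name__ == "__main__":
    for hit in over_limit(SAMPLE):
        print(hit)
```

A bucket that is over the limit and lists only status 200 means the extra requests were logged as served rather than rejected, which is the symptom reported above.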
 