I have a web application that injects content into the users page dynamically via ajax at the click of a button.
A user may click the button multiple time in quick succession.
In increasing the hardening score on the server in question, i am thinking about installing mod_evasive.
https://www.linode.com/docs/websites/apache-tips-and-tricks/modevasive-on-apache
DOSPageCount This is the threshold for the number of requests for the same page (or URI) per page interval. Once the threshold for that interval has been exceeded, the IP address of the client will be added to the blocking list.
Is this not going to render all users of my application, blocked?
If I was to write a DDOS script i would alter the url it hit on each cycle.. but then mod_evasive has this:
DOSSiteCount This is the threshold for the total number of requests for any object by the same client on the same listener per site interval. Once the threshold for that interval has been exceeded, the IP address of the client will be added to the blocking list.
Has anyone any tips on using mod_evasive on an ajax drive web application?
0 Answers