Recently, a number of scripts reworked from code shared on the internet have been used for denial-of-service attacks. Attackers often modify these scripts to flood the target through a list of proxies, so the attack is difficult to detect or to stop with request/connection limits. When I look at the logs, I see a large number of requests from many different IPs.
However, because the attacker uses free proxies here, the requests all have one thing in common: the “X-Forwarded-For” header. When this type of attack hits a highly configured server, it often overloads internal services such as the database (MySQL) or CGI (PHP, Perl, WebSocket, …), causing a “Time out” error because too many requests are being processed at once.
The configuration below helps in such cases: it blocks every request that contains X-Forwarded-For so that the back-end services are not affected. How well it works also depends on the web server you use and the server configuration; if a web server such as Apache is slow to handle the load and hangs, you should put nginx in front of it to do the blocking.
For Servers using Apache:
Add the following code to the .htaccess file
    # .htaccess for apache
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP:VIA} !^$ [OR]
    RewriteCond %{HTTP:FORWARDED} !^$ [OR]
    RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
    RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
    RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
    RewriteCond %{HTTP:XROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:X-FORWARDED-FOR} !^$ [OR]
    RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$ [OR]
    RewriteCond %{HTTP:FORWARDED-FOR} !^$ [OR]
    RewriteCond %{HTTP:X-FORWARDED} !^$
    RewriteRule ^(.*)$ - [F]
    </IfModule>
For Servers using Nginx:
    # nginx config
    if ($http_x_forwarded_for) {
        return 444;
    }
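Before enabling either rule, it helps to measure how much existing traffic it would drop. The script below is an added example, not part of the original post: it replays access-log lines through the same test as the nginx rule. The log layout (nginx "combined" plus a trailing "$http_x_forwarded_for" field), the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed log layout (not from the page): nginx "combined" format with
# "$http_x_forwarded_for" appended as one more quoted field.
LINE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

def rule_matches(xff):
    # nginx logs a missing header as "-"; `if ($var)` is false for "" and "0".
    return xff not in ("-", "", "0")

def dry_run(lines):
    """Count what `if ($http_x_forwarded_for) {return 444;}` would drop."""
    dropped, kept, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LINE.match(line.strip())
        if m is None:
            unparsed += 1
            continue
        bucket = dropped if rule_matches(m.group("xff")) else kept
        bucket[m.group("peer")] += 1
    n_dropped, n_kept = sum(dropped.values()), sum(kept.values())
    total = n_dropped + n_kept
    return {
        "dropped_requests": n_dropped,
        "kept_requests": n_kept,
        "dropped_ratio": n_dropped / total if total else 0.0,
        "dropped_peers": dropped.most_common(),
        # Peers seen both with and without the header deserve a manual look.
        "mixed_peers": sorted(set(dropped) & set(kept)),
        "unparsed": unparsed,
    }

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0" "10.0.0.5"',
    '198.51.100.8 - - [10/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0" "172.16.4.2, 203.0.113.50"',
    '198.51.100.7 - - [10/Jan/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0" "10.0.0.9"',
    '203.0.113.20 - - [10/Jan/2024:10:00:02 +0000] "GET /a HTTP/1.1" 200 900 "-" "Mozilla/5.0" "-"',
    '192.0.2.44 - - [10/Jan/2024:10:00:03 +0000] "GET /b HTTP/1.1" 200 700 "-" "Mozilla/5.0" "192.168.1.15"',
    '192.0.2.44 - - [10/Jan/2024:10:00:04 +0000] "GET /b HTTP/1.1" 200 700 "-" "Mozilla/5.0" "-"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for key, value in dry_run(SAMPLE).items():
        print(key, value)
```

A dropped ratio close to 1.0 on normal traffic usually means a reverse proxy, load balancer or CDN in front of the server adds the header to every request, in which case the rule would block all visitors.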