Limit number of urls per ip within a time limit?


Post by vicn1222 » Sat Sep 25, 2021 1:00 am

Hi,

Is there a way to limit the number of URL calls per IP within a time period in Joomla?

For instance, if an IP makes 10 URL calls within 10 seconds, then ban this IP for 5 minutes, etc.

Or is there an Apache2 plugin that will do this?

My server is CentOS 8 with Apache/2.4.48.

Thanks


Post by simplesource » Sat Sep 25, 2021 7:20 pm

This is generally something easy to do at the server level. Check with your hosting provider to see if they use a software firewall (e.g. CSF, APF, etc.). It sounds like you may have root access. If so, CSF has functionality like this; it’s free to install and works quite well. I’m not sure what your particular use case is, but if this is for a login page, there are plenty of security extensions and server-level tools that have brute force detection and will block IPs on a rolling basis just like you’ve described. Something else that could help with this is CloudLinux configuration if you have that available. You can rate limit by IP using CloudLinux.

Post by vicn1222 » Sun Sep 26, 2021 4:37 am

I do have root access.

I try to use fail2ban, but it can only ban sshd when it fails 3 times. It does nothing on Apache. The Apache logpath is correct.

Below is the jail.local

[DEFAULT]
# Ban IP/hosts for 24 hour ( 24h*3600s = 86400s):
bantime = 86400
 
# An ip address/host is banned if it has generated "maxretry" during the last "findtime" seconds.
findtime = 600
maxretry = 3

# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator. For example, add your 
# static IP address that you always use for login such as 103.1.2.3
#ignoreip = 127.0.0.1/8 ::1 103.1.2.3
 
# Call iptables to ban IP address
banaction = iptables-multiport
 
backend = systemd

# Enable sshd protection
[sshd]
enabled = true


[apache-proxy]
enabled = false
port    = http,https
filter  = apache-proxy
logpath = /home/www/domains/logs/access_log /var/log/httpd/error_log
maxretry = 0
findtime = 604800
bantime = 604800

[apache-badbots]
enabled = true
port    = 80,443
logpath = /home/www/domains/logs/access_log /var/log/httpd/error_log

[apache-noscript]
enabled = true
port    = 80,443
logpath = /home/www/domains/logs/access_log /var/log/httpd/error_log

[apache-overflows]
enabled = true
port    = 80,443
logpath = /home/www/domains/logs/access_log /var/log/httpd/error_log

[apache-botsearch]
enabled = true
port    = 80,443
logpath = /home/www/domains/logs/access_log /var/log/httpd/error_log

[apache-fakegooglebot]
enabled = true
port    = 80,443
logpath = /home/www/domains/logs/access_log /var/log/httpd/error_log

[apache-modsecurity]
enabled = true
port    = 80,443
logpath = /home/www/domains/logs/access_log /var/log/httpd/error_log

[apache-shellshock]
enabled = true
port    = 80,443
logpath = /home/www/domains/logs/access_log /var/log/httpd/error_log

[php-url-fopen]
enabled = true
port    = 80,443
logpath = /home/www/domains/logs/access_log /var/log/httpd/error_log

[block-all-dem-noobs]
enabled = true
port = http,https
filter = block-all-dem-noobs
logpath = /home/www/domains/logs/access_log /var/log/httpd/error_log
maxretry = 10
findtime = 5
bantime = 600
action = iptables[name=HTTP, port=http, protocol=tcp]
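
A fail2ban jail and filter for the limit asked about in this thread (10 requests in 10 seconds, 5-minute ban), given as an added example that is not part of the original posts. The jail and filter name `http-rate` is hypothetical, the log path is the one from the post, and the access log is assumed to be in Apache common/combined format. It addresses two points in the posted jail.local: `backend = systemd` in `[DEFAULT]` makes fail2ban read the journal and ignore `logpath`, and fail2ban expects multiple log files on separate lines.

```ini
# ---- /etc/fail2ban/jail.local (fragment) ----
# "http-rate" is a hypothetical jail name used for this example.
[http-rate]
enabled  = true

# [DEFAULT] sets backend = systemd, which reads the systemd journal and
# ignores logpath. A jail that follows a log file must override it.
backend  = auto

port     = http,https

# Resolves to /etc/fail2ban/filter.d/http-rate.conf (second file below).
filter   = http-rate

# One path per line. Only the access log has one entry per request;
# the error log is not needed for request counting.
logpath  = /home/www/domains/logs/access_log

# 10 matching requests within 10 seconds -> ban for 5 minutes (300 s).
maxretry = 10
findtime = 10
bantime  = 300

# banaction is inherited from [DEFAULT] (iptables-multiport), so both
# ports listed above are blocked for the banned address.


# ---- /etc/fail2ban/filter.d/http-rate.conf ----
[Definition]
# Count every GET/POST/HEAD request line; <HOST> captures the client IP.
# The ".*" spans the user and timestamp fields of the log line.
failregex = ^<HOST> -.*"(?:GET|POST|HEAD) \S+ HTTP/

# Nothing is excluded, so images, CSS and scripts count toward maxretry.
ignoreregex =
```

The filter can be checked against the real log before enabling the jail with `fail2ban-regex /home/www/domains/logs/access_log /etc/fail2ban/filter.d/http-rate.conf`. Because every asset request counts, compare the threshold with what one normal page load generates, and list your own address under `ignoreip`.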

