ModSecurity Dos Protection怎么样?

时间:2018-08-15 10:37:45

标签: nginx mod-security

我尝试安装modsecurity 2.9.1,但似乎对dos保护无效,我通过ab工具进行了测试,如下所示:

  

ab -r -k -n50 -c20 -H“用户代理:由George测试”“ http://api.domain.com/test/ab?k1=v10

但结果:

Document Path:          /test/ab?k1=v10
Document Length:        0 bytes

Concurrency Level:      20
Time taken for tests:   6.202 seconds
Complete requests:      50
Failed requests:        0
Keep-Alive requests:    0
Total transferred:      0 bytes
HTML transferred:       0 bytes
Requests per second:    8.06 [#/sec] (mean)
Time per request:       2480.740 [ms] (mean)

在并发下没有效果。我的modsecurity配置如下:

setvar:'tx.static_extensions=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/',\
setvar:'tx.dos_burst_time_slice=5',\
setvar:'tx.dos_counter_threshold=20',\
setvar:'tx.dos_block_timeout=120'"

有什么想法吗?

1 个答案:

答案 0 :(得分:0)

您的核心规则集/ CRS版本是什么? (您使用的DOS规则取自CRS)