capcom Posted May 13, 2021
I am getting unusually high requests from a few IPs and wanted to see if there is a way I can rate limit IP addresses by making a change in the .htaccess file. I am able to block the IPs in a day, but it is making unnecessary calls to the website, and they keep coming from new IP addresses. Any suggestions are welcome. Thanks

wolstech Posted May 13, 2021
This is not possible in stock Apache. It's just allow or block. There are rate limiting modules available, but we don't support any of them. You can manage block lists in cPanel for specific IPs as well. What is the concern about the traffic? Is it causing performance issues or load you're worried about?

capcom Posted May 13, 2021
Thanks for the response. I am using the IP blocks to deny access and keep adding new ones there. My only concern is around load, but when I look at account load in cPanel, it is not significant at all (almost near 0 every day). I just want to make sure that an increase in traffic does not cause my account to be flagged.

Krydos Posted May 13, 2021
Depending on the scripting language you're using, you could have your website display a low load static error message explaining to the visitor that they're browsing too fast. If it's bots browsing your site, you could use .htaccess to block them based on their user agent. A lot of reputable bots will use the user agent string to let you know exactly who they are. If it's a hacker or some sort of illegal bot -- like trying to hack WordPress accounts -- it will likely have a user agent string that is blank or mimics a real browser though. When you're designing your bot it's easy to put whatever you want in the user agent string. If load starts to become an issue, or if it's a mild DDoS you're experiencing, you could always use a free Cloudflare account. It won't work on a free heliohost.us subdomain, but any purchased or free domain can be configured to use Cloudflare. Be aware that Cloudflare breaks some of the functionality of cPanel though, but it's something to consider to block access to your site.

capcom Posted May 13, 2021
I am using Python Flask and have added rate limiting already, and once it is reached, it will not load data and will just give a "Rate limit applied" message. That part has been working fine. Most of the unwanted traffic is coming as a Mozilla browser, the operating system is unknown in Awstats, but I have a feeling it is a web scraper. Even after the rate limit message, the user keeps requesting the same URL.

Krydos Posted May 13, 2021
You could use Cloudflare scrape prevention: https://www.cloudflare.com/learning/bots/what-is-data-scraping/ It is of course possible to get around it anyways. I've done it myself, but perhaps your scraper won't be bothered to figure out how to do it.

capcom Posted May 14, 2021
Thanks. I will look into this.