Topic: Apache 2.2 is flooded with "POST" requests

[Chainz]

Hi
I'm running a website on Apache 2.2.25 with PHP 5.3.6 and mod_security 2.7.6 on a Windows server 2003.
A couple of days ago my website went down due to a attack with excessive amount of "POST" requests, which the server can't handle. Below I'm attaching 30 seconds of the Apache access log file.

I don't have a clue how to oppose to this. My site is still down.

Can I add a rule to mod_security, or add some other mod to Apache which will counteract this?

If anyone needs more information, I will post it immediately.

Thank you in advance.

[jraute]

Sorry, this is traffic for sure, but not extensively.

[Chainz]

I can assure you that my site does not have that many visitors, beacuse of the fact that I am running it for more than five years and there was no such traffic what so ever, and all of a sudden, boom four five requests per second non stop for over e week now. That's not right. And since I applied mod_security, at least I got the site back running. When I didn't have it it just froze with 100% of CPU usage.
And futhermore the access log file looks a lot different when someone actually visits the site, it's not just "POST" ....

So anyone have another idea? How to further fix this?

[AdrianK_IT]

Hi Chainz

Are you still having problems? What sort of firewall options do you have on your server, or router?

I use a PHP script, run daily, which semi-automatically analyses my logs and writes any IP address exhibiting unwanted behaviour (request strings, user agents) into an .xml file which I can import into my server firewall (Comodo) blocklist.

For (my) security reasons, I'm not willing to go into detail. However, if you can code in PHP, I could give you some pointers.