
CWP : How to Enable PORTFLOOD Protection using CSF firewall?

There is no practical way to actually prevent DoS / DDoS attacks, because your server is connected to the internet. When you are connected to the internet, even with a simple local PC, you are exposed to remote attacks. The only thing you can do is mitigate their effects.

When you are under a DDoS attack and trying to mitigate it, the server will not respond normally: it will get slower than usual, and it can often appear to be down temporarily while the attack is decreasing. On large-volume attacks your provider can even null-route the server IP address to avoid overloading their entire network.

Can CSF firewall help me to stop only small / medium attacks? Why not large attacks?

Because of the way DDoS works. For very large and distributed attacks, you must use a dedicated firewall or a specialized anti-DDoS shield that works at the network level inside the datacenter where you are hosted, or you can use 3rd-party anti-DDoS services like Cloudflare, Incapsula or Level3 AntiDDOS services.

Unlike your single dedicated server, these 3rd-party anti-DDoS services have a huge network with hundreds / thousands of servers and Tbps of bandwidth; they can literally mitigate any kind of DDoS attack.

How can I enable the anti DDOS mitigation using csf firewall?

There are a few directives that can be enabled in order to protect you against DDoS using CSF.
These two options are called PORTFLOOD and SYNFLOOD.

PORTFLOOD Protection

PORTFLOOD = "port;protocol;hit_count;interval_in_seconds"
PORTFLOOD = "80;tcp;50;10"
This means that if the number of connections to port 80 exceeds 50 in ten (10) seconds, all the new connections will be blocked.
Here are my settings:
PORTFLOOD = "80;tcp;100;5,443;tcp;100;5,22;tcp;5;250"
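
The PORTFLOOD format above, worked through as an added example (not code from the original page or from CSF): it parses a value such as the settings line and replays constructed connection attempts through a simplified sliding-window model. Assumptions: the function names are hypothetical, and the counter is kept per source address, as CSF's readme describes the block, with dropped attempts still counted.

```python
from collections import defaultdict, deque

def parse_portflood(value):
    """Parse a PORTFLOOD value into (port, protocol, hit_count, interval) tuples."""
    rules = []
    for entry in value.strip().strip('"').split(","):
        fields = entry.strip().split(";")
        if len(fields) != 4:
            raise ValueError(f"need port;protocol;hit_count;interval, got {entry!r}")
        port, proto, hits, interval = fields
        if proto not in ("tcp", "udp"):  # assumption: only these two are accepted here
            raise ValueError(f"unexpected protocol in {entry!r}")
        port, hits, interval = int(port), int(hits), int(interval)
        if not 1 <= port <= 65535 or hits < 1 or interval < 1:
            raise ValueError(f"value out of range in {entry!r}")
        rules.append((port, proto, hits, interval))
    return rules

def simulate(rules, attempts):
    """Return the attempts a per-source sliding-window model would drop.

    attempts: (time_s, src_ip, port, proto) tuples in time order.
    Dropped attempts still count, so a source stays blocked until it goes quiet.
    """
    limits = {(port, proto): (hits, interval) for port, proto, hits, interval in rules}
    recent = defaultdict(deque)  # (src, port, proto) -> attempt times inside the window
    dropped = []
    for t, src, port, proto in attempts:
        if (port, proto) not in limits:
            continue  # port not covered by PORTFLOOD
        hits, interval = limits[(port, proto)]
        window = recent[(src, port, proto)]
        window.append(t)
        while window[0] <= t - interval:  # forget attempts older than the interval
            window.popleft()
        if len(window) > hits:
            dropped.append((t, src, port))
    return dropped

PAGE_VALUE = "80;tcp;100;5,443;tcp;100;5,22;tcp;5;250"  # settings line from the page

# Constructed traffic (documentation addresses): one client hits port 22 every
# 10 s and returns after a long pause; a second client connects once.
NOISY, QUIET = "203.0.113.10", "198.51.100.7"
ATTEMPTS = sorted([(t, NOISY, 22, "tcp") for t in range(0, 80, 10)]
                  + [(75, QUIET, 22, "tcp"), (400, NOISY, 22, "tcp")])

if __name__ == "__main__":
    for drop in simulate(parse_portflood(PAGE_VALUE), ATTEMPTS):
        print("dropped:", drop)
```

With the 22;tcp;5;250 entry, the sixth to eighth attempts from the noisy client are dropped, while its attempt at 400 s is accepted again because more than 250 s have passed since its last packet.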