Level 16
Why are you logging these?
Does your app crash whenever an invalid URL is requested? If that's the case, you should fix that.
404's should not be logged.
Dec 27, 2021
15
Level 3
I got DDOS attack.
I have two routes.
in web.php
Route::get('/', function () {
return view('welcome');
});
Route::resource('posts', PostController::class );
I could find errors in log file.
Attacker send request something like these.
/?121asdasd
/?asd121
/posts/av123
/posts/123vv
It made an error file very big and it consumes too much php process up to max.
I would like to restrict the input and keep their ips in database to ban.
How can I restrict user router input optimally ?
Level 3
Actually it is be done by nginx.
And the problem is that the attack request consumes all limited php processes.
So server can not serve another request.
Big logging file is not the top trouble.
It consumes all php processes not to serve normal request.
Level 102
@binggle maybe use something like cloud flare then to help out https://www.cloudflare.com/lp/ppc/ddos-x/
Level 16
Level 3
Thanks.
Actually cloudflare is what I did for first-aid.
But I am looking for ways with laravel.
Level 102
@binggle you said the problem is with nginx, so you cannot do anything to mitigate it with laravel. Nginx comes before laravel
Level 3
@Sinnbeck My experiences with nginx is not much.
Customizing ban2fail with nginx was hard and it did not work even though I followed guide somewhere in internet.
So I think I can find same way with laravel.
Thanks.
Level 102
You can try adding a firewall https://github.com/akaunting/laravel-firewall
https://github.com/antonioribeiro/firewall
And rotate your logs https://laravel.com/docs/8.x/logging#available-channel-drivers
Level 3
Level 3
@Sinnbeck I checked all now.
All is about blocking ips . not restrict or check Request Input.
I need to check route inputs and decide it to fail or success first.
I feel and guess I have to make middleware for it.
But also I guess the best place is the router not middleware cause of loading duty.
Thanks.
Level 104
@binggle you can install fail2ban on the server and create rules to automatically ban the incoming requests.
Level 3
@tykus I tried it before. but customizing with nginx is hard and failed.
Thanks.
Level 104
@binggle pretty sure I used this Servers for Hackers short course to help me whenever I was getting started with this
1 like
Level 3
@tykus thanks for informations.
I checked the last course.
it was about to install ban2fail and configuration.
I guess I need more deep and skilled customization guide.
Thanks.
Level 3
Please or to participate in this conversation.