mod_shield is now the HTTP DoS filter on edge.
- Dropped both site + page interval to 75, threshold for site/page 500/180 respectively
- A static file bypass is present, so resource-heavy sites won’t trigger a 429 response while loading css/js/jpg/png/webp. It works off match, so no path resolution is performed. If it flows to a CPU-heavy dispatcher, like index.php, it remains unscored
- To disable, use
cpcmd scope:set apache.shield-static-bypass false - I’d like to move this into the module code directly down the road to calculate off the final, resolved URI after mod_rewrite processes it
- To disable, use
- apache:shield Scopes are available and mirror apache:evasive Scopes
- Increased Rampart detection threshold from 1 event in 12 hours to 2 before it’s blocked in server firewall. Firewall block time is reduced to 3 minutes
- All “f2b_evasive_X” overrides are migrated