Detecting HTTP Floods (While using Cloudflare)
Ive been getting some HTTP floods flowing through cloudflare for a while now, and am looking to use mod_security to block them.
The problem with mod_security is that it doesn't work with cloudflare due to IP blocking.
I took a look at the CF api, and found that I could create a script to block the IPs directly using Theat Control. While that part is easy, I am stumped as to how to get mod_sec to pass the attacking IP (Should be fetchable from the HTTP Request headers) to the script.
I don't want to turn on "I'm under Attack" as this slows down the site, even for legitimate users.