There are two settings in CSF you'll need to properly configure for soft DDoS protection.
- SYNFLOOD
- PORTFLOOD
1. SYNFLOOD Configuration in CSF
You can find these settings on your WHM Panel, you need to log in as root to modify the settings.
Sidebar > Scroll Down to Plugins Section in your WHM
Click “ConfigServer Security & Firewall“
Choose “Firewall configuration” from the options section
Now you can find “SYNFLOOD” Settings section with shortcut CRT + F {To Find} and Type SYNFLOOD it will highlight the section. By default, SYNFLOOD is disabled. You will need to enable it and make these recommended changes.
SYNFLOOD = “1″ {ENABLE IT}SYNFLOOD_RATE = “30/s”SYNFLOOD_BURST = “10SYNFLOOD_RATE: Number of SYN packets to accept per IP, per second.SYNFLOOD_BURST: Number of times the IP can hit the rate limit before being blocked in the firewall.
2. PORTFLOOD Configuration in CSF
On the same page, you can find the settings for PORTFLOOD. By default, PORTFLOOD is disabled. You will need to enable it and make these recommended changes.
UDPFLOOD = ONUDPFLOOD_LIMIT = 50/secUDPFLOOD_BURST = 250
Now, on the bottom of the page, click on “CHANGE” and Restart the “CSF” to apply new settings on the server. Now your server is ready to handle soft DDoS attacks.
