mod_qos for Apache 2.2 on Cpanel
mod_qos gives the server admin a few more controls over how Apache handles connections.
It is a rules based filter and can be assigned to specific urls / file locations.
Full documentation here: https://opensource.adnovum.ch/mod_qos/
To activate on a cPanel server compile Apache with the mod_qos module. NOTE: only works with Apache 2.2 at the moment.
To add rules via Cpanel use:
Apache Configuration > Includes Editor > Add in the Pre Virtual Host Include
Mod_qos with CSF+LFD
Be careful when using Mod_qos with CSF+LFD firewall! We were using the Mod_qos as a trigger to block IP’s on our hosting server, which worked well to block a lot of would-be hackers IP addresses – though in the end had to disable this and instead just allowed Mod_qos to bock traffic according to it’s own configured rules in real time.
Basically we found that a lot of valid user IP’s were triggering CSF+LFD blocks due to denied SSL requests to non-ssl enabled accounts (people trying to access their sites via SSL when SSL was not enabled), as well as other miconfigurations on the client side that were hitting port 443 with non valid url requests. Even hosted web pages / applications that were making improper SSL calls to the server once loaded into client browsers were triggering blocks.
The APACHE error log symptom looked like this:
[Tue Mar 11 19:40:22 2014] [error] [client 220.127.116.11] mod_qos(045): access denied, invalid request line: can’t parse uri, c=203.161.xxx.xxx
The corresponding APACHE access log looked like this:
203.161.xxx.xxx – – [11/Mar/2014:19:40:22 +1000] “x16x03x03” 400 1994
Generally there were 2-20 of these in a row – and depending on your LFD_QOS and LF_INTERVAL settings you can see how these mod_qos denied lines can easily provide a false positive block.