These days I’m getting ddos attacks directly to hosted MP4 files in my server, my website is a video streaming website.
I need to detect abusive actions and block them using Rate Limiting but when I do that I also block legitimate requests too.
I’ve created this rules :
PATH : mydomain.com/*.mp4
REQUEST 10 In 10 Seconds Then Block.
But it seems that it block normal users too who try to view videos with HTML Player.
Ive also created a firewall rules to block requests with referrer different from my domain.
If someone has an idea on how to stop these kinds of attacks it will be much appreciated.