Skip to Main Content

DDoS

View DateLast View DateFirst View DateScoreNPage Id NIp StartIp Address 1Ip Address 2Ip Address NAgentAgent NBot Pk IdBot TypeIp FromIp ToInfo SourceUser Agent RegexDescription
2026-07-122026-07-12 20:44:302026-07-12 10:04:572.0216519294.157..***.***.***.***1DuckAssistBot/1.2; (+http://duckduckgo.com/duckassistbot.html)112
  • 1 - 1 of 1

Info

DDoS attacks (or Brute Force attacks or other bot-related behavior that amounts to the same thing) are becoming a bit of a problem for my server.
Thousands of requests per hour are too much for my modest setup, so I had to take some measures.
So I created a query to find suspicious IP addresses and/or User Agents using apex_workspace_activity_log. See the code below - I hid the complete IP addresses for privacy reasons.
If I identify an attack, I can add a "rewrite rule" to Apache (on my proxy server) to block an IP range or User Agent. More info on that here and here.

This is not ideal of course. A problem has to arise first, before I can act. But it's better than doing nothing.
I should look into other measures like Mod_evasive, Mod_security, Fail2ban, etc., but for now this sort of works.

ModSecurity

Update May 2023:
Things were getting out of hand, so I installed ModSecurity on my Apache reverse proxy server (Apache 2.4 on AlmaLinux 8).
That turned out to be quite simple (after a few hours of trying all sorts of cookbooks that did not work...). Here's what I did:
You will need to deactivate ModSecurity from any machine/subnet that is allowed to use Apex Builder. Otherwise saving anything in the Apex Builder will result in a 403 error.
In my case I need to do this for IP 192.168.2.254, which is my internal router address. You can check the log here: And to check if it all works, perform an "illegal" request: which should return:

Apache Ultimate Bad Bot Blocker

Update March 2026:
The traffic from all sorts of bots was getting out of hand again, with performance issues and ORDS errors as a result.
I saw a lot of AI bots in the logs, which is to be expected of course.

I already blocked quite a few bots, and I tried to keep track of all the new ones, but that was getting harder and harder to do by hand.
So as an additional line of defense, I tried Apache Ultimate Bad Bot Blocker.
Seems to work just fine, but it will take a couple of weeks to be sure.

Code

Page

Identification
Page ID
Name
Page Alias

Region

Identification
Sequence
Title
Type
Source
Location
Query Type
Region Source

View

View
Name
DDL