I have a web shop on the very much traffic is, but this traffic is apparently generated by bots, which load pages, but never the pictures, javascript files or css files load. I want to lock these connections with mod-security, but I find nowhere a rule with which I can do that.
First I had tried with the firewall the IP lock, but the always come with other addresses. Undertaking is pointless.
The user agent is different ... it can not be seen that the connection of a bot comes. The only thing that is noticeable is that they never load an image or a CSS file from the page.
The accesses are however not so much and fast, so the mod_evasive does not strike.
Obviously, it is a good idea to make the page so slow, the normal user quickly give up :-( I think a competitor has a ddos attack run ... who knows that already ...
Does anyone have the same problem or for this problem a mod-security rule, with which I could work?
Does somebody has any idea?
Best regards, Holger