Hi everyone,
I've been experiencing a massive amount of automated scans on my CyberPanel/OpenLiteSpeed server (Ubuntu 24.04). My logs were constantly flooded with hundreds of 404 requests per hour from various IPs targeting nonexistent files (e.g., .env, .git, .php scripts).
I wanted to share the solution that worked best for me without needing heavy external tools like Fail2Ban. By configuring Per Client Throttling directly in the OpenLiteSpeed web interface, I managed to automatically ban these aggressive scanners.
Here is the configuration I applied:
Access your OpenLiteSpeed admin panel (usually port 7080).
Go to Server Configuration -> General -> Security.
I configured the Per Client Throttling section with these values:
[Image: Per Client Throttling configuration, showing the values 100/20/10000/3600]
Static Requests/second: 100
Dynamic Requests/second: 20
Banned Period: 3600 seconds (1 hour ban)
Why this works:
Any bot performing high-frequency scans will immediately hit the 20 dynamic requests/second limit and get banned for an hour. This drastically reduced the noise in my server logs and saved resources.
Verification:
After applying the configuration, I performed a "Graceful Restart" on OLS. You can verify it's working by checking your error logs:
tail -f /usr/local/lsws/logs/error.log | grep -i "throttling"
If you are also struggling with bot traffic, I highly recommend this approach. It's performant, built-in, and perfectly integrated with CyberPanel.
Has anyone else found a better way to handle these common scanners? Open to suggestions!
Best regards, Claudio Afonso, BR
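To see which clients in an access log would actually exceed the Dynamic Requests/second value of 20 used above, the following added example (not part of the original post, and not CyberPanel or OpenLiteSpeed code) computes each client's peak per-second request rate and 404 count. It assumes an Apache combined-style access log line and treats any path without a common static extension as dynamic; the log lines are constructed sample data.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

DYNAMIC_LIMIT = 20  # "Dynamic Requests/second" value from the post
# Assumption: anything not ending in one of these counts as a dynamic request.
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".svg", ".woff2")

# Assumption: combined-style line: ip - - [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def is_dynamic(path):
    return not path.split("?", 1)[0].lower().endswith(STATIC_EXT)

def summarize(lines, limit=DYNAMIC_LIMIT):
    """Return {ip: {"404s", "peak_dynamic_rps", "over_limit"}} for parsed lines."""
    per_second = defaultdict(Counter)  # ip -> {timestamp second: dynamic requests}
    not_found = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ip = m["ip"]
        counts = per_second[ip]  # register the client even if it sent no dynamic request
        if m["status"] == "404":
            not_found[ip] += 1
        if is_dynamic(m["path"]):
            counts[datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")] += 1
    report = {}
    for ip, counts in per_second.items():
        peak = max(counts.values(), default=0)
        report[ip] = {"404s": not_found[ip], "peak_dynamic_rps": peak,
                      "over_limit": peak > limit}
    return report

def sample_log():
    """Constructed sample: a burst client, a slow 404 client, a normal visitor."""
    fmt = '{ip} - - [10/Mar/2025:12:00:{s:02d} +0000] "GET {p} HTTP/1.1" {c} 0 "-" "-"'
    burst = [fmt.format(ip="203.0.113.10", s=1, p=f"/probe{i}.php", c=404) for i in range(25)]
    slow = [fmt.format(ip="203.0.113.20", s=i, p="/.env", c=404) for i in range(5)]
    visitor = [fmt.format(ip="198.51.100.7", s=3, p="/style.css", c=200)]
    return burst + slow + visitor

if __name__ == "__main__":
    for ip, row in sorted(summarize(sample_log()).items()):
        print(ip, row)
```

In the sample, the client sending 25 requests in one second is flagged, while the client that spreads its 404s over several seconds stays under the per-second value and shows up only in the 404 count.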