3

Is mod_sec and the OWASP rule set adequate to protect against DDoS and DoS attacks or would you recommend taking additional steps, e.g. blocking suspicious IP addresses which have been identified by mod_sec using iptables?

Would you recommend activating mod_evasive in addition to mod_sec?

What about ShoreWall and CSFirewall?

Thank you!

AlexR
  • check out this link if it helps you: https://fossies.org/linux/owasp-modsecurity-crs/rules/REQUEST-912-DOS-PROTECTION.conf – Hamza Saeed Feb 14 '20 at 10:42

1 Answer

1

mod_sec only provides "rate-limiting", which can offer a degree of DoS protection when the attack originates from the same set of IP addresses. It can deny/drop connections when there are more than, say, 20 requests from the same IP. It would not offer protection from DDoS, where compromised command and control hosts continue slow-paced attacks spanning days.

On your second question: I do not have much insight into mod_evasive.

Manish Maheshwari
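The per-IP counting described in the answer above, as an added example (not part of the original answer and not ModSecurity's own code): a sliding-window counter applied to constructed traffic, showing that a single-source burst trips the threshold while a distributed, slow-paced load with far more total requests does not. The 60-second window, the function names and the sample addresses (documentation ranges) are assumptions; the threshold of 20 comes from the answer.

```python
from collections import defaultdict, deque

WINDOW_S = 60    # assumed counting window; the answer does not give one
THRESHOLD = 20   # "more than, say, 20 requests from the same IP"

def blocked_sources(requests, window_s=WINDOW_S, threshold=THRESHOLD):
    """Return the source IPs that exceed `threshold` requests inside any
    sliding window of `window_s` seconds.
    `requests` is a time-ordered iterable of (timestamp_seconds, source_ip)."""
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    blocked = set()
    for ts, ip in requests:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window_s:   # expire entries older than the window
            q.popleft()
        if len(q) > threshold:
            blocked.add(ip)
    return blocked

def single_source_burst():
    # Constructed sample: one host sends 50 requests in 10 seconds.
    return [(i * 0.2, "192.0.2.10") for i in range(50)]

def distributed_slow():
    # Constructed sample: 500 hosts, each sending one request every 6 s
    # for 5 minutes. Each host stays at 10 requests per minute, yet the
    # server receives 5000 requests per minute in total.
    hosts = [f"{net}.{h}" for net in ("198.51.100", "203.0.113")
             for h in range(1, 251)]
    return [(t, ip) for t in range(0, 300, 6) for ip in hosts]

if __name__ == "__main__":
    for name, traffic in (("burst", single_source_burst()),
                          ("distributed", distributed_slow())):
        hit = blocked_sources(traffic)
        print(f"{name}: {len(traffic)} requests, {len(hit)} source(s) blocked")
```

Lowering the threshold far enough to catch the distributed case would also block ordinary clients, which is why per-source limits alone do not cover it.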