Is there a way for mitigate HTTP search floods?

[JohnDoe]

Someone is attacking my website via HTTP requests. This requests are created for making search in forum, and takes down my forum. Is there any way to get rid of these HTTP floods? 

[-FP]

You could increase the search flood control setting (per user group setting), completely disable the search function for a given group (app permissions), or you could block the ip of the attacker in your server if you have control over that.

[ASTRAPI]

You can limit connections/Requests using Nginx or you can use Cloudflare or if you want to be more aggressive you can use your server firewall to ban the user

[JohnDoe]

FP,

I found the search flood control setting, but couldn't find how to disable the search function for a given group. Where is this "app permissions" in the admin panel?

[JohnDoe]

Never mind. I found it under System > Applications > System > Search

I disabled the search function for guests and new members. I will see if this helps.

 

 

[Daniel F]

You can manage this via the module permissions https://invisioncommunity.com/4guides/how-to-use-ips-community-suite/member-preferences-and-features/module-level-permissions-r280/

[Chatgroup]

We've got someone doing similar but don't really want to block search for guests as it's a great way for people to discover content.

However, because guests do it I am unable to pin down the damn IP address