Protecting Mautic against DDOS?


I was wondering if anyone has any creative ways to protect a Mautic server against DDOS?

We looked at using Cloudflare, but with nginx it seems to not work properly. Does anyone know if it would be easier with Cloudflare if we use Apache2?

Or if someone has creative thoughts against DDOS.


Maybe configuring a service such as fail2ban might help. I would also consider locking down Mautic in a way that admin/marketer stuff (everything behind login & login itself) would be possible from a specific IP (maybe VPN).

As for the public-facing part of Mautic, configuring rules within fail2ban should help.

Hi, what’s the problem with Cloudflare + nginx? https issues?

When behind the proxy, it errors out on multiple redirects.
If it is set to DNS only, all is good, but then I guess it is not protected.

If I go directly to IP/s/dashboard, all is good, but without https.

Looks like a pretty common issue. Did you try any of the resolutions listed on the link here:

Add this as the first line in Mautic's index.php, right after the PHP opening tag:

$_SERVER['HTTPS'] = 'on';

Your redir problems will be solved 🙂

I do not mean to step on anyone's toes here, but this should really be a temporary solution. If you want to always use https, just redirect from http to https (as far as I understood it earlier, this can be done at the Cloudflare level).

I agree, this is a short term hack.
How would you do it in an elegant way?

I do not use Cloudflare so I cannot test it, but on the link above there are instructions to turn off the redirect from http to https on your web server (apache, nginx) and configure it in the Cloudflare platform.

I would try to follow the Cloudflare docs first and only then resort to some alternative solution.
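
Added example, not part of the thread and not Mautic or Cloudflare code: a narrower form of the `$_SERVER['HTTPS'] = 'on';` line that marks a request as HTTPS only when it arrives from a trusted proxy address and that proxy reports `https` in `X-Forwarded-Proto`. Assumptions: the proxy sets that header, the function names are hypothetical, and the CIDR ranges are documentation placeholders to be replaced with the ranges your proxy provider publishes.

```php
<?php
// Placeholder ranges (RFC 5737 / RFC 3849 documentation blocks), constructed
// for this example; replace with your proxy provider's published ranges.
const TRUSTED_PROXIES = ['192.0.2.0/24', '2001:db8::/32'];

/** True if $ip lies inside $cidr (IPv4 or IPv6). */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input, or address families differ
    }
    $bits = $bits === null ? strlen($ipBin) * 8 : (int) $bits;
    if ($bits < 0 || $bits > strlen($ipBin) * 8) {
        return false; // malformed prefix length
    }
    $bytes = intdiv($bits, 8);
    $rem   = $bits % 8;
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare the remaining high bits
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

/** Decide whether the client's original request used HTTPS. */
function request_is_https(array $server, array $trusted): bool
{
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true; // TLS was terminated on this web server
    }
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($trusted as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            return strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
        }
    }
    return false; // forwarded header from an untrusted peer is ignored
}

if (request_is_https($_SERVER, TRUSTED_PROXIES)) {
    $_SERVER['HTTPS'] = 'on';
}
```

With this check, a client that reaches the origin IP directly and sends its own `X-Forwarded-Proto: https` header is still treated as plain HTTP.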
