This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive)

You can use this module by including "iosec.php" to any PHP file which wants to be protected.

You can test module here: (demo)

Watch the Proof of Concept video:

Hakin9 IT Security Magazine Article about IOSEC (different format ->

IJNSA Article at

WP Plugin Page

CHANGES v.1.8.2
- Iptables Auto Ban Bash Script Included
- Token Access via Implicit Deny
- Reverse Proxy Support
- reCAPTCHA Support

IOSEC is used by over 15.000 sites in 2013!

Do you want more features? Check for third party addons

Gökhan Muharremoğlu


  • This is a unique project and it is the world's first web application flood guard script.
  • At web application (scripting) level you can,
  • - Block proxies. (only via HTTP header)
  • - Detect flooding IP addresses.
  • - Slow down or restrict access for automated tools (HTTP flood, brute force tools, vulnerability scanners, etc.)
  • - Save your server & backend infrastructure resources (database, cpu, ram, etc.) under an attack.
  • - Restrict access permanently or temporarily for listed IP addresses in "banlist" file.
  • - Notify yourself via email alerts when attacks begin.
  • - Implicit deny for DoS/DDoS attacks
  • - Integrate it with CloudFlare, Firewall, Iptables, etc.
  • - Reduce attack surface at OSI Layer 7.
  • In 2 months, more than 1000 downloads now, thank you.
  • Don't forget to read articles about IOSEC (links above) to learn what it does precisely.

Project Samples

Project Activity

See All Activity >

Follow HTTP Anti Flood/DoS Security Module

HTTP Anti Flood/DoS Security Module Web Site

Other Useful Business Software

Monitor Your Most Critical Cloud & SaaS Applications Monitor Your Most Critical Cloud & SaaS Applications Icon
Monitor Your Most Critical Cloud & SaaS Applications Icon

Get insights into the performance of applications and services such as AWS, Salesforce, Office 365 and WebEx.

With a view into both web and network health, you'll be able to pinpoint the cause of an outage instantly, whether it's within your network, a provider's network or the SaaS application. Save time, track SLAs and clear tickets faster.
Are you involved with your company's network performance/operations team?
Try It FREE!

Rate This Project

Login To Rate This Project

User Ratings

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5
features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5
design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5
support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

User Reviews

  • this might sound silly but how do i implement this on my machine? can i use it to protect an apache server? yer? HOW??!! if its possible to send me reply by emailing plz

  • nice security tool for preventing and detecting bad-guys.

  • 10 seconds is too short, given the well-known Captcha problems. Otherwise good.

  • small and efficient and gets the job done.

Read more reviews >

Additional Project Details


English, Turkish

Intended Audience

Advanced End Users, System Administrators, End Users/Desktop, Testers, Security Professionals, Security

Programming Language


Database Environment