There is two settings in CSF you'll need to properly configure for soft DDoS protection.

• SYNFLOOD
• PORTFLOOD

1. SYNFLOOD Configuration in CSF

You can find these settings on your WHM Panel, you need to login as root to modify the settings.

Sidebar > Scroll Down to Plugins Section in your WHM
Click “ConfigServer Security & Firewall“
Choose “Firewall configuration” from the options section

Now you can find “SYNFLOOD” Settings section with shortcut CRT + F {To Find} and Type SYNFLOOD it will highlight the section. By default, SYNFLOOD is disabled. You will need to enable it and make these recommended changes.

SYNFLOOD = “1″ {ENABLE IT}
SYNFLOOD_RATE = “30/s”
SYNFLOOD_BURST = “10
SYNFLOOD_RATE: Number of SYN packets to accept per IP, per second.
SYNFLOOD_BURST: Number of times the IP can hit the rate limit before being blocked in the firewall.

2. PORTFLOOD Configuration in CSF

On the same page, you can find the settings for PORTFLOOD. By default, PORTFLOOD is disabled. You will need to enable it and make these recommended changes.

UDPFLOOD = ON
UDPFLOOD_LIMIT = 50/sec
UDPFLOOD_BURST = 250

Now on the bottom of the page click on “CHANGE” and Restart the “CSF” to apply new settings on the server. Now your server is ready to handle soft DDOS attacks.