Denial of Service attacks are among the oldest yet most common forms of attack against a server. Most system administrators have had to deal with DoS attacks taking down a server, router, or other networking device, and know how difficult they can be to prevent.
Mod_evasive is an Apache module that limits the number of Apache connections to the server at once, and blocks an offending IP for a specified amount of time. This tutorial will show you how to install mod_evasive on your system.
1. Install:
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -xvzf mod_evasive_1.10.1.tar.gz
cd mod_evasive_1.10.1
/usr/local/apache/bin/apxs -cia mod_evasive.c
2. Configure:
Once the module is compiled, add these lines to httpd.conf and stop Apache completely before starting it up again:
<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 50
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
</IfModule>
Below is an explanation of these settings:
DOSHashTableSize – Size of the hash table. The larger this value, the more memory is required, but lookups are faster.
DOSPageCount – Max number of requests for the same page within the ‘DOSPageInterval’ interval.
DOSSiteCount – Max number of requests from the same client for the whole site within the ‘DOSSiteInterval’ interval.
DOSPageInterval – Interval, in seconds, for the ‘DOSPageCount’ threshold.
DOSSiteInterval – Interval, in seconds, for the ‘DOSSiteCount’ threshold.
DOSBlockingPeriod – Blocking period in seconds if any of the thresholds are met. The client will receive a 403 (Forbidden) while blocked, and the timer is reset each time the site gets hit while the client is still blocked.
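As an added illustration (not code from the tutorial or from mod_evasive itself), the following Python model replays constructed request timestamps through the thresholds above using the tutorial's values; the exact rule it applies (block once a count reaches the limit inside its interval, timer reset on every hit while blocked) is an assumption about the module's semantics, and the sample traffic is constructed, not a real log.

```python
# Model of the mod_evasive thresholds described above (added illustration,
# not the module's source; the precise block/reset rule is an assumption).
DOS_PAGE_COUNT = 6
DOS_SITE_COUNT = 50
DOS_PAGE_INTERVAL = 2       # seconds
DOS_SITE_INTERVAL = 2       # seconds
DOS_BLOCKING_PERIOD = 600   # seconds


class EvasiveModel:
    def __init__(self):
        self.page_hits = {}   # (ip, uri) -> (count, last_seen)
        self.site_hits = {}   # ip -> (count, last_seen)
        self.blocked = {}     # ip -> time of last hit while blocked

    def _over_limit(self, table, key, now, interval, limit):
        count, last = table.get(key, (0, None))
        # Hits inside the interval accumulate; a gap restarts the count at 1.
        count = count + 1 if last is not None and now - last < interval else 1
        table[key] = (count, now)
        return count >= limit

    def request(self, ip, uri, now):
        """Return the status the model hands back for this request: 200 or 403."""
        if ip in self.blocked:
            if now - self.blocked[ip] < DOS_BLOCKING_PERIOD:
                self.blocked[ip] = now      # every hit while blocked resets the timer
                return 403
            del self.blocked[ip]            # blocking period has fully elapsed
        page = self._over_limit(self.page_hits, (ip, uri), now, DOS_PAGE_INTERVAL, DOS_PAGE_COUNT)
        site = self._over_limit(self.site_hits, ip, now, DOS_SITE_INTERVAL, DOS_SITE_COUNT)
        if page or site:
            self.blocked[ip] = now
            return 403
        return 200


def replay(requests):
    """Feed (timestamp, ip, uri) tuples through a fresh model; return the status list."""
    model = EvasiveModel()
    return [model.request(ip, uri, t) for t, ip, uri in requests]


# Constructed sample traffic (not a real log).
SAMPLE = (
    [(0.1 * i, "10.0.0.5", "/index.html") for i in range(6)]          # same page, 6 hits in 0.5 s
    + [(0.2, "10.0.0.9", "/index.html")]                               # unrelated, well-behaved client
    + [(2.0 + 0.01 * i, "10.0.0.7", f"/p{i}") for i in range(50)]      # 50 distinct pages in 0.5 s
    + [(100.0, "10.0.0.5", "/about.html"), (699.0, "10.0.0.5", "/")]   # hits while blocked reset timer
    + [(1300.0, "10.0.0.5", "/index.html")]                            # 601 s after the last hit
)
```

Run `replay(SAMPLE)`: the sixth hit on the same page and the fiftieth site-wide hit each return 403, the hit at 699 s is still blocked because the hit at 100 s reset the timer, and the hit at 1300 s is served again.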