Thursday 31 January 2013

How to install mod_evasive



The mod_evasive and mod_security modules help secure the Apache web server against DDoS and brute-force attacks by implementing a web application firewall. For the mod_security installation procedure, see the mod_security howto article.

The mod_evasive author's site (zdziarski.com) states that mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS, DDoS, or brute-force attack. It is also designed to be a detection and network management tool, and can easily be configured to talk to ipchains, firewalls, routers, etc.

*Note: The mod_evasive module has been known to cause problems with FrontPage Server Extensions. If you use FrontPage Server Extensions, thoroughly test your mod_evasive installation before deploying it on a production server.

1a. Apache 1.3.x


# Download latest stable version of mod_evasive from zdziarski.com website
# See wget command below: the current version number is mod_evasive_1.10.1.tar.gz.

bash# cd /usr/src
bash# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
bash# tar xfz mod_evasive_1.10.1.tar.gz
bash# cd mod_evasive

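# Find the location of the Apache Extension Tool (apxs) binary.
bash# type apxs
# OR
bash# find / -type f -name apxs -print
# Compile, install and activate the module (-c, -i, -a).
# APACHE_ROOT is the Apache installation prefix that contains the apxs found above.
bash# $APACHE_ROOT/bin/apxs -cia mod_evasive.c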


1b. Apache 2.0.x

# Install the Apache development package, which provides apxs.
bash# up2date -i httpd-devel
bash# cd /usr/src

# Download latest stable version of mod_evasive from zdziarski.com website
# See wget command below: the current version number is mod_evasive_1.10.1.tar.gz.
bash# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
bash# tar xfz mod_evasive_1.10.1.tar.gz
bash# cd mod_evasive
# Compile, install and activate the module; Apache 2.0.x uses the mod_evasive20.c source file.
bash# $APACHE_ROOT/bin/apxs -cia mod_evasive20.c


2a. Configure mod_evasive for Apache 1.3.x. Locate httpd.conf and add the following contents. See the mod_evasive documentation for the configuration options. For this exercise, we'll block the offending IP for 5 minutes (DOSBlockingPeriod 300) before granting access again.


<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 300
</IfModule>
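
To see what the thresholds above would do to traffic before enabling them, the following added example (not from the original article or the mod_evasive project) replays request timestamps against a simplified fixed-window model of the directives. The model, the function names and the sample traffic are assumptions; the module's exact counting may differ.

```python
# Thresholds copied from the <IfModule mod_evasive.c> block above.
CFG = {"DOSPageCount": 2, "DOSPageInterval": 1, "DOSSiteCount": 50,
       "DOSSiteInterval": 1, "DOSBlockingPeriod": 300}

def replay(requests, cfg=CFG):
    """Replay (time_s, ip, uri) tuples sorted by time; return one
    (time_s, ip, uri, status) tuple per request, status 200 or 403.
    Assumed model, not the module's source: fixed windows per (ip, uri)
    and per ip; an IP is blocked once a window holds more requests than
    its threshold, and each request made while blocked restarts the block."""
    windows = {}     # key -> (window_start, hits_in_window)
    blocked_at = {}  # ip -> time of the most recent denied request
    results = []

    def exceeded(key, now, limit, interval):
        start, hits = windows.get(key, (now, 0))
        if now - start >= interval:  # window expired, start a new one
            start, hits = now, 0
        windows[key] = (start, hits + 1)
        return hits + 1 > limit

    for now, ip, uri in requests:
        last = blocked_at.get(ip)
        if last is not None and now - last < cfg["DOSBlockingPeriod"]:
            blocked_at[ip] = now  # still blocked: the timer restarts
            results.append((now, ip, uri, 403))
            continue
        # Evaluate both counters so each one records this request.
        page = exceeded((ip, uri), now, cfg["DOSPageCount"], cfg["DOSPageInterval"])
        site = exceeded((ip, None), now, cfg["DOSSiteCount"], cfg["DOSSiteInterval"])
        if page or site:
            blocked_at[ip] = now
        results.append((now, ip, uri, 403 if page or site else 200))
    return results

def denied_counts(results):
    """Map each client IP to the number of 403 responses it received."""
    counts = {}
    for _, ip, _, status in results:
        if status == 403:
            counts[ip] = counts.get(ip, 0) + 1
    return counts

# Constructed sample traffic using documentation addresses, not real logs.
SAMPLE = sorted(
    [(i * 0.1, "192.0.2.10", "/login") for i in range(5)]            # rapid repeats
    + [(0.05 + i * 2.0, "198.51.100.7", "/index.html") for i in range(5)]  # slow reader
    + [(200.0, "192.0.2.10", "/login"), (600.0, "192.0.2.10", "/login")])
```

Feeding replay() tuples parsed from your own access log shows which clients these thresholds would deny, and for how long a client that keeps retrying stays blocked.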


2b. Configure mod_evasive for Apache 2.0.x. Locate httpd.conf and add the following contents. See the mod_evasive documentation for the configuration options. For this exercise, we'll block the offending IP for 5 minutes before granting access again.
