Assalam-u-alaikum,

Though I wanted my first howto to be quite powerful and explanatory, here is what I am starting with, with a short one.

Mod Evasive (mod_evasive) is a module for Apache web server. Within this, you can define certain limits on it for people trying to access a page on your website. Such as ability to access the same page (more than once) within a second. This is normally an idication of DOS attack. Mod_evasive successfully intercepts such attack and returns a 403 (Forbidden) message to the attacker. Here is how it will be implemented.

System / OS: CentOS 5.0

Homepage of mod_evasive : http://www.zdziarski.com/projects/mod_evasive/

Make sure you have httpd-devel installed before you continue. Otherwise you will not get apxs utlity. You have been warned.

cd ~ wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz

tar xzf mod_evasive_1.10.1.tar.gz

cd mod_evasive

apxs -i -a -c mod_evasive20.c

vi /etc/httpd/conf/httpd.conf

< IfModule mod_evasive20.c >
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify webmaster@yourdomain.com
#DOSSystemCommand su - someuser -c '/sbin/...%s... This is firewall command maybe
DOSLogDir “/var/log/httpd/mod_evasive.log”
< /IfModule >

service httpd restart

Time to test it:

Make sure your website’s document Root has an index.html, otherwise you will not get correct results. I had to adjust a line in test.pl to get /mrtg/index.html .

#chmod +x test.pl supplied by source code of mod_evasive.

Execute this test script:

#./test.pl HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK

HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

Alhumdulillah. Done.