WBITT

We Bring In Tomorrows Technology

  • Full Screen
  • Wide Screen
  • Narrow Screen
  • Increase font size
  • Default font size
  • Decrease font size

Mod Evasive for Apache (First line of defence against DOS attacks)

E-mail Print PDF
User Rating: / 6
PoorBest 

Assalam-u-alaikum,

Though I wanted my first howto to be quite powerful and explanatory, here is what I am starting with, with a short one.

Mod Evasive (mod_evasive) is a module for Apache web server. Within this, you can define certain limits on it for people trying to access a page on your website. Such as ability to access the same page (more than once) within a second. This is normally an idication of DOS attack. Mod_evasive successfully intercepts such attack and returns a 403 (Forbidden) message to the attacker. Here is how it will be implemented.

System / OS: CentOS 5.0

Homepage of mod_evasive : http://www.zdziarski.com/projects/mod_evasive/


Make sure you have httpd-devel installed before you continue. Otherwise you will not get apxs utlity. You have been warned.

cd ~
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar xzf mod_evasive_1.10.1.tar.gz

cd mod_evasive

apxs -i -a -c mod_evasive20.c

vi /etc/httpd/conf/httpd.conf
....

<IfModule mod_evasive20.c>
DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10
DOSEmailNotify      This e-mail address is being protected from spambots. You need JavaScript enabled to view it
#     DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'" # this is firewall command maybe
DOSLogDir           "/var/log/httpd/mod_evasive.log"
</IfModule>



service httpd restart


Time to test it:

Make sure your website's document Root has an index.html, otherwise you will not get correct results. I had to adjust a line in test.pl to get /mrtg/index.html .


# chmod +x test.pl  # supplied by source code of mod_evasive.

Execute this test script:

# ./test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
...
...
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
..
...
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

Alhumdulillah. Done.

 

You are here How To / Tutorials Mod Evasive for Apache (First line of defence against DOS attacks)