Use mod_evasive to block DoS attacks

written by Mr-San.com on November 25, 2006 in Howto with no comments

Sometimes your web server comes under attack from someone. How do you resolve this problem?

Use mod_evasive to resolve this problem.

mod_evasive detects an attack by keeping a hash table of client IP addresses and requested URIs, and it denies any IP address that does any of the following:

  • Requesting the same page more than a few times per second
  • Making more than 50 concurrent requests on the same child per second
  • Making any requests while temporarily blacklisted (on a blocking list)

You can download this module from: http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz


How to install?

  • extract mod_evasive_1.10.1.tar.gz
  • change directory to /usr/local/apache2/bin (or wherever apxs is installed)
  • compile mod_evasive with :
    for apache v.2.x
    apxs -i -a -c mod_evasive20.c

    for apache v.1.x
    apxs -iac mod_evasive.c

  • add this to httpd.conf (if apxs -a has not already added it)
    for apache v.2.x
    LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so

    for apache v.1.x
    LoadModule evasive_module /usr/lib/apache2/modules/mod_evasive.so

  • edit httpd.conf to configure mod_evasive
    for apache v2.x
    <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 10
    </IfModule>

    for apache v1.x
    <IfModule mod_evasive.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 10
    </IfModule>

  • then restart apache
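
Before relying on the values above, it helps to see which clients they would have refused. The following is an added example, not part of the original post or of mod_evasive: it replays constructed (timestamp, IP, URI) records through a simplified single-process model of the DOSPageCount, DOSSiteCount and DOSBlockingPeriod settings. The function name replay, the sample addresses and the exact counting rule (refuse once the count in an interval exceeds the threshold) are assumptions.

```python
from collections import defaultdict

# Thresholds copied from the <IfModule> block on this page.
CFG = {"DOSPageCount": 2, "DOSPageInterval": 1,
       "DOSSiteCount": 50, "DOSSiteInterval": 1, "DOSBlockingPeriod": 10}

def replay(requests, cfg=CFG):
    """Return {ip: number_of_403s} for time-sorted (timestamp, ip, uri) tuples.

    Simplified model: one counter per (ip, uri) and one per ip, restarted
    when its interval has elapsed. The real module keeps its counters
    separately in every Apache child process.
    """
    counters = {}                 # key -> (window_start, hits)
    blocked_until = {}            # ip -> time at which the block expires
    denied = defaultdict(int)

    def over_limit(key, now, limit, interval):
        start, hits = counters.get(key, (now, 0))
        if now - start >= interval:       # interval elapsed: start a new window
            start, hits = now, 0
        counters[key] = (start, hits + 1)
        return hits + 1 > limit

    for now, ip, uri in requests:
        if blocked_until.get(ip, 0) > now:
            # Assumption taken from the module's README: a request made
            # while blocked is refused and restarts the blocking period.
            blocked_until[ip] = now + cfg["DOSBlockingPeriod"]
            denied[ip] += 1
            continue
        page = over_limit((ip, uri), now, cfg["DOSPageCount"], cfg["DOSPageInterval"])
        site = over_limit((ip, None), now, cfg["DOSSiteCount"], cfg["DOSSiteInterval"])
        if page or site:
            blocked_until[ip] = now + cfg["DOSBlockingPeriod"]
            denied[ip] += 1
    return dict(denied)

# Constructed sample traffic (documentation addresses, not real clients).
SAMPLE = (
    [(i * 0.1, "192.0.2.10", "/index.html") for i in range(5)]    # rapid reloads
    + [(0.5, "198.51.100.7", "/index.html"), (2.0, "198.51.100.7", "/about.html")]
    + [(5.0, "192.0.2.10", "/index.html"), (20.0, "192.0.2.10", "/index.html")]
)

if __name__ == "__main__":
    for ip, count in sorted(replay(sorted(SAMPLE)).items()):
        print(f"{ip} would receive {count} x 403")
```

Feed it tuples parsed from your own access log and adjust the thresholds until legitimate clients no longer appear in the result.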

You can find more information about mod_evasive at: http://www.zdziarski.com/projects/mod_evasive/