How to Install Apache mod_evasive on AWS Linux/CentOS

I was getting tired of using iptables to block the various hackers and bots constantly slamming my servers (the Chinese are the worst offenders by far – curse them!).
I found the Apache module mod_evasive and installed it.
Here are links to various articles about mod_evasive:
http://www.zdziarski.com/blog/?page_id=442
https://coderwall.com/p/eouy3g
http://www.crucialp.com/resources/tutorials/server-administration/flood-protection-dos-ddos-protection-apache-1.3-2.0-mod_dosevasive-avoiding-denial-of-service-attacks.php
Add the Module to Apache
I keep my httpd.conf under source code control, so you can safely ignore the first and last lines of the following procedure unless you use RCS…
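    # RCS only: check out and lock httpd.conf
    co -l /etc/httpd/conf/httpd.conf
    # Fetched over plain HTTP; inspect the tarball before building it
    wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
    tar xzf mod_evasive_1.10.1.tar.gz
    cd mod_evasive
    # Compile (-c), install (-i) and activate (-a) the module
    apxs -cia mod_evasive20.c
    # Add the <IfModule> block shown below
    vim /etc/httpd/conf/httpd.conf
    apachectl configtest
    apachectl graceful
    # RCS only: check the file back in, keeping a read-only working copy
    ci -u /etc/httpd/conf/httpd.conf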
/etc/httpd/conf/httpd.conf
    LoadModule evasive20_module /usr/lib64/httpd/modules/mod_evasive20.so

    # Learn more at http://library.linode.com/web-servers/apache/mod-evasive
    <IfModule mod_evasive20.c>
        # The hash table size defines the number of top-level nodes for each child
        # hash table. Increasing this number will provide faster performance by
        # decreasing the number of iterations required to get to the record, but
        # consume more memory for table space. You should increase this if you have
        # a busy web server. The value you specify will automatically be tiered up
        # to the next prime number in the primes list (see mod_evasive.c for a list
        # of primes used).
        DOSHashTableSize 3097

        # If set, this email address will receive a notification whenever an IP
        # address becomes blacklisted. A locking mechanism prevents continuous
        # emails from being sent.
        DOSEmailNotify mod_evasive@yourDomain.com

        # NOTE: The following settings apply on a per-IP address basis.

        # Allow up to 2 requests for the same URI per second:
        DOSPageInterval 1
        DOSPageCount 2

        # Allow up to 50 requests across the site per second:
        DOSSiteInterval 1
        DOSSiteCount 50

        # Once the client is blacklisted, prevent them from accessing the site
        # for 600 seconds:
        DOSBlockingPeriod 600
    </IfModule>
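To judge these thresholds against your own traffic before enabling them, the sketch below (an added example, not part of the original post or of mod_evasive) replays access-log lines through a simplified model of the page, site and blocking settings above and reports which client IPs would be blocked. The sample log lines, the `simulate` function and the single shared counter table are assumptions; the real module keeps a separate hash table in each Apache child, so it counts less strictly than this model.

```python
import re
from datetime import datetime

# Thresholds copied from the httpd.conf on this page: (interval seconds, count).
LIMITS = {"page": (1, 2), "site": (1, 50)}
BLOCKING_PERIOD = 600

# Common/combined log format: client IP, [timestamp], "METHOD URI ...".
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = """\
198.51.100.20 - - [01/Jan/2024:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.20 - - [01/Jan/2024:12:00:00 +0000] "GET /style.css HTTP/1.1" 200 128
203.0.113.7 - - [01/Jan/2024:12:00:01 +0000] "POST /login.php HTTP/1.1" 200 64
203.0.113.7 - - [01/Jan/2024:12:00:01 +0000] "POST /login.php HTTP/1.1" 200 64
203.0.113.7 - - [01/Jan/2024:12:00:01 +0000] "POST /login.php HTTP/1.1" 200 64
203.0.113.7 - - [01/Jan/2024:12:00:01 +0000] "POST /login.php HTTP/1.1" 200 64
198.51.100.20 - - [01/Jan/2024:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:12:00:30 +0000] "POST /login.php HTTP/1.1" 200 64
203.0.113.7 - - [01/Jan/2024:12:10:10 +0000] "POST /login.php HTTP/1.1" 200 64
203.0.113.7 - - [01/Jan/2024:12:21:00 +0000] "GET /index.html HTTP/1.1" 200 512
""".splitlines()

def simulate(lines, limits=LIMITS, blocking_period=BLOCKING_PERIOD):
    """Return {ip: {trigger, at, denied}} for each IP the thresholds would block."""
    windows, blocked_until, report = {}, {}, {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, stamp, uri = m.groups()
        ts = int(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp())
        if blocked_until.get(ip, 0) > ts:
            # Blocked: denied, and per the module README the timer restarts.
            blocked_until[ip] = ts + blocking_period
            report[ip]["denied"] += 1
            continue
        for name, key in (("page", (ip, uri)), ("site", (ip, None))):
            interval, limit = limits[name]
            start, count = windows.get(key, (ts, 0))
            if ts - start >= interval:
                start, count = ts, 0  # interval elapsed: new window
            windows[key] = (start, count + 1)
            if count + 1 > limit:
                blocked_until[ip] = ts + blocking_period
                report.setdefault(ip, {"trigger": name, "at": stamp, "denied": 0})["denied"] += 1
                break
    return report
```

Calling `simulate(open("/var/log/httpd/access_log"))` (path assumed) lists the clients the settings would have blocked; a legitimate client in that report means the counts are too tight for your site.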