Being hit by a DDoS attack is very annoying. It makes your server
slower and, at worst, takes it down. A DDoS (Distributed Denial of
Service) attack floods the target server with requests from many
sources to keep it busy until it goes down. DDoS attacks use many
different techniques, but they all basically flood the target server
with a high volume of CPU-consuming requests until the server
malfunctions or goes down.
You can prevent DDoS attacks by using mod_evasive in Apache 2.
Mod_evasive is an Apache module that provides evasive action in the
event of an HTTP DoS or DDoS (Denial of Service) attack or brute-force
attack against the web server. When a possible attack is detected,
mod_evasive blocks the traffic from the source for a specific duration
of time and reports the abuse via email and syslog facilities.
Mod_evasive can also be configured to talk to iptables, ipchains,
firewalls, routers, etc. to build a comprehensive DDoS prevention
system for a busy, high-traffic web server.
To install mod_evasive:
1. Open your terminal or remotely login to your server via ssh
2. Download the mod_evasive module:
cd /opt/
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
3. Extract it:
tar -zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive
4. Install mod_evasive:
/usr/local/apache/bin/apxs -cia mod_evasive.c
5. Open httpd.conf:
vim /usr/local/apache/conf/httpd.conf
# Add these lines:
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 600
DOSLogDir "/var/log/httpd/"
DOSEmailNotify users@example.com
Save and exit the httpd.conf Apache configuration file.
6. Restart Apache:
/etc/init.d/httpd restart
There are many ways to configure mod_evasive. The configuration directives are described below:
DOSHashTableSize
Size of the hash table. The greater this setting, the more memory is required for the lookup table, but also the faster the lookups are processed. This option will automatically round up to the nearest prime number.
DOSPageCount
Number of requests for the same page within the ‘DOSPageInterval’ interval that will get an IP address added to the blocking list.
DOSSiteCount
Same as ‘DOSPageCount’, but corresponds to the number of requests for a given site, and uses the ‘DOSSiteInterval’ interval.
DOSPageInterval
Interval for the ‘DOSPageCount’ threshold, in seconds.
DOSSiteInterval
Interval for the ‘DOSSiteCount’ threshold, in seconds.
DOSBlockingPeriod
Blocking period in seconds if any of the thresholds are met. The user will receive a 403 (Forbidden) when blocked, and the timer will be reset each time the site gets hit while the user is still blocked.
DOSEmailNotify
If this value is set, an email will be sent to the address specified
whenever an IP address becomes blacklisted. A locking mechanism using /tmp
prevents continuous emails from being sent.
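To see how these thresholds interact before enabling them on a busy site, the following added example (not part of the original post and not mod_evasive's own code) replays request records against a simplified model of the rules described above. The input format, the sample records and the sliding-window counting are assumptions made for this illustration.

```python
import re
from collections import defaultdict, deque

# Thresholds copied from the httpd.conf lines on this page.
CONF = {"DOSPageCount": 5, "DOSPageInterval": 1, "DOSSiteCount": 100,
        "DOSSiteInterval": 1, "DOSBlockingPeriod": 600}
# Constructed input format (an assumption): "<epoch-seconds> <client-ip> <uri>"
LINE = re.compile(r"^(\d+(?:\.\d+)?) (\S+) (\S+)$")
SAMPLE = """\
1000.0 203.0.113.7 /login.php
1000.0 198.51.100.4 /index.html
1000.1 203.0.113.7 /login.php
1000.2 203.0.113.7 /login.php
1000.3 203.0.113.7 /login.php
1000.4 203.0.113.7 /login.php
1000.5 203.0.113.7 /login.php
1300.0 203.0.113.7 /login.php
1700.0 203.0.113.7 /login.php""".splitlines()

def replay(lines, conf=CONF):
    """Return {ip: [time_of_first_block, requests_answered_403]}."""
    page_hits, site_hits = defaultdict(deque), defaultdict(deque)
    blocked_until, report = {}, {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore malformed lines
        ts, ip, uri = float(m.group(1)), m.group(2), m.group(3)
        if blocked_until.get(ip, 0) > ts:
            # Hit while blocked: 403 again and the blocking timer restarts.
            blocked_until[ip] = ts + conf["DOSBlockingPeriod"]
            report[ip][1] += 1
            continue
        tripped = False
        for q, count, interval in (
            (page_hits[(ip, uri)], conf["DOSPageCount"], conf["DOSPageInterval"]),
            (site_hits[ip], conf["DOSSiteCount"], conf["DOSSiteInterval"]),
        ):
            q.append(ts)
            while ts - q[0] >= interval:  # drop hits older than the interval
                q.popleft()
            tripped = tripped or len(q) >= count
        if tripped:
            blocked_until[ip] = ts + conf["DOSBlockingPeriod"]
            report.setdefault(ip, [ts, 0])[1] += 1
    return report
if __name__ == "__main__":
    for ip, (first, denied) in replay(SAMPLE).items():
        print(f"{ip}: first blocked at t={first}, {denied} requests would get 403")
```

In the sample, the request at t=1700 is still refused even though more than 600 seconds have passed since the first block, because the hit at t=1300 restarted the timer.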
PS:
Mod_evasive is not the only way to prevent DDoS attacks, and it is not
guaranteed to be a perfect way to stop an attacker from attacking
you.