Categories
  • Linux server 48
  • Apache 23
  • Security 19
  • WordPress 18
  • Почта 16
  • Nginx 14
  • bash 14
  • MySQL 11
  • WHM/cPanel 9
  • Plesk 9
  • мониторинг 9
  • PHP 9
  • Jenkins 8
  • Ubuntu Linux 7
  • IIS 7
  • Other CMS 7
  • Clusters 6
  • Windows Server 5
  • FTP 5
  • Windows server 5
  • MSSQL Server 5
  • Joomla 4
  • CentOS 4
  • HaProxy 4
  • Terraform 4
  • SSL 3
  • FromHabrSandbox 3
  • Varnish 3
  • Perl 3
  • Clouds 3
  • Linux Server 3
  • AWS 3
  • Python 2
  • nginx 2
  • jQuery 2
  • Docker 2
  • RackSpace 2
  • Control Panels 1
  • DNS MX 1
  • Magento 1
  • Active Directory 1
  • Javascript 1
  • Tomcat 1
  • Балансировка нагрузки 1
  • SQL Server 1
  • Linux_server 1
  • Mail 1
  • Мониторинг 1
  • Puppet 1
  • Windows 1
  • Email 1
  • WHM 1
  • cPanel 1
  • Archive 1
  • DevOps 1
  • cloudflare 1
  • git 1

    • Install Apache mod_evasive.

    Description

    Mod_evasive, formerly known as mod_dosevasive, helps to safeguard your Apache web server against DoS, DDoS (Distributed Denial of Service), and brute force attacks. It’s designed to take action during an attack and even alert you via email.

    The module works by creating an internal dynamic table of IP addresses and URIs, as well as blocking IP addresses based on the following actions:

    • Requesting the same page more than a few times per second.
    • Creating more than 50 concurrent requests to the same child per second.
    • Making any requests while temporarily blacklisted.

    Installation

    To install mod_evasive on RHEL/CentOS systems, use the following command:

    yum install mod_evasive

    If you’re using Debian/Ubuntu, you can install mod_evasive with the following command

    apt-get install libapache2-mod-evasive

    Configuration

    The configuration file for mod_evasive is named mod_evasive.conf and can be found in your web server’s configuration directory. For instance:

    /etc/httpd/conf.d/mod_evasive.conf

    Here’s an example of the configuration settings:

    <ifmodule mod_evasive20.c>
  DOSHashTableSize 3097
  DOSPageCount 5
  DOSSiteCount 50
  DOSPageInterval 1
  DOSSiteInterval 1
  DOSBlockingPeriod 90
  DOSLogDir /var/log/apache2/mod_evasive
  DOSWhitelist 127.0.0.1
</ifmodule>

    Explanation of Configuration Parameters

    • DOSHashTableSize: This sets the size of the hash table used to store IP addresses and URIs.
    • DOSPageCount: Defines the maximum number of requests allowed from a single IP to a single page within a specific time interval.
    • DOSPageInterval: The time interval considered for DOSPageCount.
    • DOSSiteCount: Specifies the maximum number of requests allowed from a single IP to the entire site within a specific time interval.
    • DOSSiteInterval: The time interval considered for DOSSiteCount.
    • DOSBlockingPeriod: This determines the time duration an attacking IP is blocked.
    • DOSEmailNotify: You can set an email address here to receive notifications about attacks.
    • DOSLogDir: This is the directory where logs will be stored.
    • DOSWhitelist: You can provide a list of IP addresses that are exempt from these protective measures.

    Testing

    To assess the effectiveness of mod_dosevasive, you can use the Perl script provided below:

    #!/usr/bin/perl
# test.pl: small script to test mod_dosevasive's effectiveness  
use IO::Socket; use strict;  
for(0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto ="tcp", PeerAddr=> "127.0.0.1:80");
  if (! defined $SOCKET) {
    die $!;
  }
  print $SOCKET "GET /?$_ HTTP/1.0\n\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}

    This script simulates a series of requests to evaluate how the module reacts to them.

    Categories:

    Updated:

    You May Also Enjoy

    GIT cheatsheet

    This is one of the cheetsheets I have at this website. The primary purpose of this one is to collect all usefull commands you might need in your daily work. ...