Today's Pungenday, the 73rd day of Chaos in the YOLD 3176.

mod_evasive - Prevent DoS Attacks

2009-06-18 by xpheas
What is mod_evasive?
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.

For more info, visit the authors website:
http://www.zdziarski.com/projects/mod_evasive/


Installing mod_evasive is pretty easy on Debian or Ubuntu:
BASH-Code:
1

apt-get install libapache2-mod-evasive

Restart Apache, that's it.
OK, if you want, you can do some configuration:
BASH-Code:
1

nano /etc/apache2/httpd.conf

BASH-Code:
1
2
3
4
5
6
7
8
9
10

<IfModule mod_evasive20.c>
        DOSHashTableSize    3097
        DOSPageCount        2
        DOSSiteCount        50
        DOSPageInterval     1
        DOSSiteInterval     1
        DOSBlockingPeriod   10
        DOSEmailNotify root@xpheas.com
        DOSLogDir "/var/lock/mod_evasive"
</IfModule>

For email notification set the DOSEmailNotify directive.
On my Debian box i also had to create a symlink to /bin/mail because mod_evasive looks in /bin/mail for the mailer.
BASH-Code:
1

ln -s /etc/alternatives/mail /bin/mail

Lock files are stored in /tmp by default. Set the DOSLogDir directive to change the path.
I.e.
BASH-Code:
1
2

mkdir /var/lock/mod_evasive
chown www-data:root /var/lock/mod_evasive

  « back

Leave a comment

Name:*


Email: (not visible)


Website:


Comment:*