Prevent DoS Attacks with Mod_Evasive for Apache

Of all the security threats to your server, few are as difficult to prevent as DoS (denial of service) attacks.  A DoS attack occurs when someone with malignant intentions uses software to overload your server with traffic, either through security holes or through standard traffic methods.  With a DDoS (distributed denial of service) attack, the initial attacker infects other computers with malware or botnets that then automatically launch a coordinated attack against your dedicated server.  DDoS attacks can be launched from hundreds or even thousands of computers simultaneously.

One way to prevent at least some forms of DoS attacks is to use mod_evasive, a free module for Apache HTTP Server.  To install mod_evasive on a Linux server running Apache, do the following:

1. Login to your server via SSH
2. Make sure you have the latest Apache development files (on CentOS, run yum install httpd-devel).
3. Download the latest version:

wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

4. Extract the archived files:

tar xvzf mod_evasive_1.10.1.tar.gz mod_evasive/

5. Begin compiling the module:

/usr/sbin/apxs -cia /usr/src/mod_evasive/mod_evasive20.c

6. Activate the module:

chmod 755 /usr/lib/httpd/modules/mod_evasive20.so

7. Restart Apache

/etc/init.d/httpd restart

8. Test to make sure it was loaded:

grep -i evasive /etc/httpd/conf/httpd.conf

It should return: LoadModule evasive20_module   /usr/lib/httpd/modules/mod_evasive20.so
Then type: php -r ‘phpinfo();’ | grep -i evasive
and you should see mod_evasive listed
9. Now add configuration rules to the Apache conf file: /etc/httpd/conf/httpd.conf

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
</IfModule>

Read the documentation to determine the best settings for each one.  After that, your server should make an extra effort to evade DoS attacks.











Comments: