[HOW-TO] apache + mod_evasive (anti-DDoS)

Improve security of your Artica server, all discuss about security news and how to fight against hackers/Spammers

[HOW-TO] apache + mod_evasive (anti-DDoS)

New postby chris_c_ » Sun Sep 04, 2011 9:23 am

An add-on to apache, that will automatically add iptables firewall rules, would be required to withstand and block a botnet-based DDoS attack.

But does this apache module for anti-DDoS exist ??

A botnet with 1500 machines / IP addresses, blocked in 2-3 hours:

http://blog.litespeedtech.com/2011/01/0 ... os-attack/

PS : litespeed free version only supports 5 virtual hosts.

Assuming 1 vhost for the management console, litespeed free version would work in artica when the number of groupwares + freewebs is 4 or less...
Last edited by chris_c_ on Sun Sep 04, 2011 10:09 am, edited 1 time in total.
chris_c_
 
Posts: 794
Joined: Wed Oct 20, 2010 7:15 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A Geek

Re: litespeed web server? or apache + anti-DDoS add-on?

New postby chris_c_ » Sun Sep 04, 2011 10:08 am

I'm answering my own question !

MOD_EVASIVE (anti-DDoS module for apache)

1)
Code: Select all
apt-get install libapache2-mod-evasive


2) now add proper config file (to match load file installed automatically),
On debian/ubuntu save as filename: /etc/apache2/mods-available/mod-evasive.conf

Code: Select all
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 300
DOSEmailNotify me@mydomain.com
DOSSystemCommand "etc/apf/apf -d %s"
DOSLogDir "/var/log/mod_evasive"
</IfModule>


3) now link symbolically from enabled to available:
Code: Select all
cd /etc/apache2/mods-enabled
ln -s ../mods-available/mod-evasive.conf


4) Please make sure that /bin/mail is installed, if not install it using:
Code: Select all
yum install mailx

Code: Select all
apt-get install heirloom-mailx


5) Regarding the log file: change the ownership to the apache user. www-data? apache? nobody?

6) restart apache2:
Code: Select all
service apache2 restart

chris_c_
 
Posts: 794
Joined: Wed Oct 20, 2010 7:15 pm
Artica servers number: 1
Linux System: Debian
Technical skills: A Geek

Re: [HOW-TO] apache + mod_evasive (anti-DDoS)

New postby admin » Sun Sep 04, 2011 12:26 pm

mod_evasive is a feature under FreeWebs
User avatar
admin
Site Admin
 
Posts: 11941
Joined: Wed Oct 17, 2007 7:59 am
Location: France


Return to Security

Who is online

Users browsing this forum: No registered users and 2 guests

cron