Apache2 Prevent DDoS Attack With mod_evasive in Debian Squeeze

Valic —  May 12, 2011 — Leave a comment

Article Contents

What is mod_evasive?

mod_evasive is an evasive maneuvers module for Apache2 to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.

Installation:

apt-get install libapache2-mod-evasive

Activate the mod_evasive module:

In the directory: / etc/apache2/mods-available / Debian Squeeze should already have directive to load the module. Or you just can use the following command:

a2enmod mod-evasive

The configuration:


In the /etc/apache2/httpd.conf add the following lines:

<IfModule  mod_evasive20.c>
   DOSHashTableSize 3097
   DOSPageCount 2
   DOSSiteCount 50
   DOSPageInterval 1
   DOSSiteInterval 1
   DOSBlockingPeriod 10
   DOSLogDir "/var/lock/mod_evasive"
 </IfModule>

Now you only need to restart apache:

/etc/init.d/apache2 force-reload.

NOTE: If you want to test the module you can find a perl script in the /usr/share/doc/libapache2-mod-evasive/examples/ location called test.pl To test now whether everything really works as expected, we look at the appropriate log files for the website, it is presented in “127.0.0.1″and run the supplied test script:

tail -f /var/log/apache2/access.log

and in another console run:

perl test.pl

Valic

Posts Twitter Facebook

Editor in Chief at Debian-Tutorials, Linux enthusiast.

No Comments

Be the first to start the conversation.

Leave a Reply