What is mod_evasive?
mod_evasive is an evasive maneuvers module for Apache2 to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.
apt-get install libapache2-mod-evasive
Activate the mod_evasive module:
In the directory: / etc/apache2/mods-available / Debian Squeeze should already have directive to load the module. Or you just can use the following command:
In the /etc/apache2/httpd.conf add the following lines:
<IfModule mod_evasive20.c> DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 10 DOSLogDir "/var/lock/mod_evasive" </IfModule>
Now you only need to restart apache:
NOTE: If you want to test the module you can find a perl script in the /usr/share/doc/libapache2-mod-evasive/examples/ location called test.pl To test now whether everything really works as expected, we look at the appropriate log files for the website, it is presented in “127.0.0.1”and run the supplied test script:
tail -f /var/log/apache2/access.log
and in another console run: