WebTracker.one

 
Login
Site Stats
Tools
Whois
Whois
Email Whois
Fingerprint
Logout
Contact
Lost Password
 
Smiley






JavaScript is disabled by your browser. Many features will not work.












Apache mod_evasive - DoS Protection

Apache has a feature for combatting denial of service attacks. It's called mod_evasive and it monitors for excessive page hits by a single IP address.

Here is how you install it for a Debian/Ubuntu system:

sudo apt install libapache2-mod-evasive

Once installed, you will have access to a configuration file:

sudo nano /etc/apache2/mods-enabled/evasive.conf

#DOSHashTableSize 3097

#DOSPageCount 20 #number of requests for an individual page

#DOSSiteCount 100 #number of requests for all pages by a single IP address

#DOSPageInterval 1 #number of seconds for DOSPageCount

#DOSSiteInterval 1 #number of seconds for DOSSiteCount

#DOSBlockingPeriod 3600 #number of seconds an IP address is blacklisted

#DOSEmailNotify you@yourdomain.com

#DOSSystemCommand 'su - someuser -c '/sbin/... %s ...'' #sends the IP to jail

#DOSLogDir '/var/log/mod_evasive'

You will need to uncomment the features that you want to activate. Also consider the settings that are appropriate for your site. For instance, I had to raise the levels much, much more than expected based on a literal interpretation of their definitions.

You will also need to create a modevasive log directory:

sudo mkdir /var/log/mod_evasive

And then assign apache user ownership of the directory:

sudo chown -R www-data:www-data /var/log/mod_evasive

Afterwards, restart apache:

sudo systemctl restart apache2

My site uses an html event-stream to check for login status. The event-stream makes a call every second and continuousy triggered mod_evasive. In particular, I had to keep raising the DOSPageCount and the DOSSiteCount until I was no longer blocked by normal usage.

You will just need to use trial and error to determine the right numbers for your site.

I know that feature works because it blocked me when I had the numbers too low. However, you can check to see if mod-evasive by running a script that comes with it.

perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl

The script will send 100 requests to your web server. Your server should then return 400 Bad Request or 403 Forbidden codes indicating that access was denied.

     * posted by Robert on Thu, Jul 28, 2022

Return to Weblog



© 2023 WebTracker.one
 
➤