mod_evasive Settings
2016/06/15
Enable the mod_evasive module to defend against DoS attacks and the like.
[1] Install and configure mod_evasive.
root@www:~# apt-get -y install libapache2-mod-evasive
root@www:~# a2enmod evasive
root@www:~# vi /etc/apache2/mods-enabled/evasive.conf
# line 3: threshold for the number of requests for the same page per page interval
DOSPageCount 5
# line 4: threshold for the total number of requests for any object by the same client on the same listener per site interval
DOSSiteCount 50
# line 5: the interval for the page count threshold
DOSPageInterval 1
# line 6: the interval for the site count threshold
DOSSiteInterval 1
# line 7: amount of time (in seconds) that a client will be blocked for if they are added to the blocking list
DOSBlockingPeriod 300
# line 9: notification address if an IP address becomes blacklisted
DOSEmailNotify root@localhost
# line 11: specify log directory
DOSLogDir "/var/log/mod_evasive"

root@www:~# mkdir /var/log/mod_evasive
root@www:~# chown www-data /var/log/mod_evasive
root@www:~# systemctl restart apache2
[2] Test with the test tool included in the package.
root@www:~# perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
.....
.....
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
.....
.....
HTTP/1.1 403 Forbidden
# responses turn to "403 Forbidden" once the client is blocked

# logs are saved
root@www:~# ll /var/log/mod_evasive
total 12
-rw-r--r-- 1 www-data www-data 5 Jun 16 14:36 dos-127.0.0.1

# if notification is set, mail like the following is sent
From www-data@www.srv.world Thu Jun 15 19:36:03 2016
X-Original-To: root@localhost
To: root@localhost
Date: Thu, 16 Jun 2016 14:36:03 +0900 (JST)
From: www-data@www.srv.world (www-data)
To: root@localhost
Subject: HTTP BLACKLIST 127.0.0.1

mod_evasive HTTP Blacklisted 127.0.0.1
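To review the outcome of steps [1] and [2] in one pass, the script below (an added example, not part of the original page or of the mod_evasive package) prints the active thresholds from evasive.conf, checks that DOSLogDir exists and belongs to the Apache user, and lists each dos-<IP> file with its age in seconds. The function names are made up for this example, and `stat -c` assumes GNU coreutils as shipped on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original page): summarise mod_evasive settings and
# the clients recorded in DOSLogDir. Function names are made up for this sketch.

# Print the value of an active (uncommented) directive; fail if it is not set.
evasive_directive() {   # usage: evasive_directive CONF NAME
    awk -v name="$2" '
        tolower($1) == tolower(name) { v = $2; gsub(/"/, "", v); print v; found = 1; exit }
        END { exit !found }' "$1"
}

# Succeed only if the log directory exists and belongs to the given user.
evasive_logdir_ok() {   # usage: evasive_logdir_ok LOGDIR OWNER
    [ -d "$1" ] && [ "$(stat -c %U "$1")" = "$2" ]
}

# One line per dos-<IP> file: the IP, a tab, and the age of the file in seconds.
evasive_blocked() {     # usage: evasive_blocked LOGDIR [NOW_EPOCH]
    now=${2:-$(date +%s)}
    for f in "$1"/dos-*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "${f##*/dos-}" "$(( now - $(stat -c %Y "$f") ))"
    done
}

# Full report: thresholds, log directory check, recorded clients.
evasive_report() {      # usage: evasive_report CONF [OWNER]
    for d in DOSPageCount DOSPageInterval DOSSiteCount DOSSiteInterval DOSBlockingPeriod; do
        printf '%-18s %s\n' "$d" "$(evasive_directive "$1" "$d" || echo '(not set)')"
    done
    dir=$(evasive_directive "$1" DOSLogDir) || { echo "DOSLogDir not set"; return 1; }
    evasive_logdir_ok "$dir" "${2:-www-data}" ||
        { echo "$dir is missing or not owned by ${2:-www-data}"; return 1; }
    evasive_blocked "$dir"
}

# Runs only when a config path is given, e.g.
#   sh evasive-check.sh /etc/apache2/mods-enabled/evasive.conf
if [ $# -gt 0 ]; then evasive_report "$@"; fi
```

A directive reported as "(not set)" is still commented out in evasive.conf, so the value edited in step [1] is not the one in effect.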