Sunday, February 12, 2012

How to install mod_evasive module for apache?


    mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etc…
    Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

  • Requesting the same page more than a few times per second
  • Making more than 50 concurrent requests on the same child per second
  • Making any requests while temporarily blacklisted (on a blocking list)

Installation Procedure:

# cd /usr/local/src

# wget http://fossies.org/unix/www/apache_httpd_modules/mod_evasive_1.10.1.tar.gz

# tar -xzvf mod_evasive_1.10.1.tar.gz ; cd mod_evasive*

# apxs -cia mod_evasive20.c

  Now add the mod_evasive configuration to your Apache configuration file httpd.conf  as below

LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so

 mod_evasive configuration:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify someone@somewhere.com
</IfModule>

# /etc/init.d/httpd restart

No comments:

Post a Comment