Avoid DoS Attacks using Mod_Evasive on Apache Web Server

Denial of Service, commonly known as the DDoS attack, is one of the biggest threats for your servers security. In a DoS attack, attackers with destructive intentions try overloading the server with requests more than the server can handle. The attacker is able to find holes in the security of the server and exploit it to carry out the attack. Please check the following to know more about DoS Attack . During the initial stages of the attack, the attacker try infecting computing machines with malware or botnets, once a sufficient number of machines get infected, a co-ordinated attack is launched automatically over your Web Hosting  server, wherein, simultaneous requests are sent to your server. These requests can be in the multiples of thousand.

How to avoid DoS attacks using mod_evasive ? #

mod_evasive can be an efficient method of avoiding a DoS attack. It is one of the modules available for an Apache http server, which comes for free.

How to install mod_evasive over your Linux Hosting server ? #

Note: Before proceeding with the installation, it is important that the server is running Apache.

Step i : You are required to login to the server via SSH as root

Step ii : Ensure that the Apache is updated with the latest development files. Use the below command to install http-devel package on your server

yum install httpd-devel

Step iii : Using the following command, you must download the updated version :

wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

Step iv : Then use the below command for extracting the archived files:

tar xvzf mod_evasive_1.10.1.tar.gz mod_evasive/

Step v : Then compile the module using the following command :

/usr/sbin/apxs -cia /usr/src/mod_evasive/mod_evasive20.c

Step vi : For activating the module, fire the below command

chmod 755 /usr/lib/httpd/modules/mod_evasive20.so

Step vii : You must then restart Apache

/etc/init.d/httpd restart

Step viii : Ensure that it has been loaded correctly

grep -i evasive /etc/httpd/conf/httpd.conf

The result should be : LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so

Run : php -r ‘phpinfo();’ | grep -i evasive

The mod_evasive should get listed

Step ix : Now the Apache conf file: /etc/httpd/conf/httpd.conf should be updated with adding configuration rules

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600

You can also go through the documentation for determining the best configuration settings for each. This should help you avoid a DoS attack on your server.

Powered by BetterDocs