Apache - mod_evasive against DoS attacks

mod_evasive is an Apache module that protects against DoS, DDoS and brute-force attacks. It rejects requests that exceed the limits set in its configuration, which avoids the overload these attacks cause.

Common attack types

  • DoS (Denial of Service)
    It consists of saturating the resources of a web server, an FTP server or another service to make it inaccessible. This attack is usually generated by a few computers.
  • DDoS (Distributed Denial of Service)
    It is a DoS attack generated by many more computers. A widely distributed DDoS attack is generally also generated from zombie computers, that is, infected computers that take part in the attack.
  • Brute Force
    It consists of making a large number of attempts in order to discover access credentials, for example forcing a login page by trying all possible combinations or by using a dictionary of common credentials.

mod_evasive
The module works with a system of lists:

White List
Here you can specify IP addresses that are allowed to exceed the limits the module uses to stop attacks. In principle, only trusted IPs, from which we do not expect an attack, should be added here.
Black List
This list is populated automatically by the module whenever an IP address exceeds the limits set in the configuration.


Installation
To install the module, run:

Debian / Ubuntu:
apt-get install libapache2-mod-evasive

CentOS / Fedora (on CentOS the package is in the EPEL repository):
yum install mod_evasive

You can of course also install it manually by downloading the tar.gz.

Next you need to enable the module:

/etc/apache2/apache2.conf (Debian / Ubuntu)
# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf


/etc/httpd/conf/httpd.conf (CentOS / Fedora)
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so

Then configure the module directly below the line that enables it:

<IfModule mod_evasive20.c>
# optional directive (default value is 1024)
DOSHashTableSize 1024

# mandatory directives
DOSPageCount 10
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
# address that receives the ban notifications (no angle brackets)
DOSEmailNotify someone@somewhere.com
</IfModule>

Restart Apache to apply the configuration changes.

Configuration
Let's look at each directive in detail:

DOSHashTableSize
Defaults to 1024; increase it if the server is very busy. It defines the number of nodes in each child process's hash table.

DOSPageCount
Number of requests to the same page allowed within DOSPageInterval.

DOSSiteCount
Number of requests to the whole site allowed within DOSSiteInterval.

DOSPageInterval
Time interval in seconds. (Defaults to 1)

DOSBlockingPeriod
Time in seconds during which requests coming from a blacklisted IP are rejected (with a 403). This interval is reset on every request, including the ones answered with a 403.

DOSEmailNotify
Email address that is notified of the ban.

DOSLogDir
Defaults to "/tmp".

DOSWhitelist
Defines the white list: the IPs listed here never enter the black list. It is defined directly in apache.conf.
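
To see how thresholds like these would treat real traffic before enabling them, the following added example (not part of the original post and not mod_evasive's own code) replays access-log lines through a simplified model of the page/site counters, the whitelist and the blocking period described above. The function names, the fixed counting window and the sample log lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
# Thresholds copied from the <IfModule> block on this page.
CONF = {"DOSPageCount": 10, "DOSSiteCount": 50, "DOSPageInterval": 1,
        "DOSSiteInterval": 1, "DOSBlockingPeriod": 60}
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def parse(line):
    """Return (ip, epoch_seconds, uri) for a common-log-format line, else None."""
    m = LOG_RE.match(line)
    if m:
        return m.group(1), datetime.strptime(m.group(2), TS_FMT).timestamp(), m.group(3)

def replay(lines, conf=CONF, whitelist=()):
    """Return {ip: rejected_requests} for clients the thresholds would block."""
    hits, blocked, rejected = {}, {}, {}   # counters, last request while banned, result
    for ip, t, uri in filter(None, map(parse, lines)):
        if ip in whitelist:                # DOSWhitelist: never blacklisted
            continue
        if ip in blocked and t - blocked[ip] < conf["DOSBlockingPeriod"]:
            blocked[ip] = t                # every request restarts the blocking period
            rejected[ip] = rejected.get(ip, 0) + 1
            continue
        over = False
        for key, kind in (((ip, uri), "Page"), ((ip, None), "Site")):
            slot = hits.setdefault(key, [t, 0])        # [window start, count]
            if t - slot[0] >= conf[f"DOS{kind}Interval"]:
                slot[:] = [t, 0]           # interval elapsed: start counting again
            slot[1] += 1
            # Assumption: the request that exceeds the count is the first rejected.
            over = over or slot[1] > conf[f"DOS{kind}Count"]
        if over:
            blocked[ip] = t
            rejected[ip] = rejected.get(ip, 0) + 1
    return rejected

def sample_log():
    """Constructed traffic: a burst on one page, two retries, then a normal visitor."""
    base = datetime(2015, 9, 4, 10, 0, 0, tzinfo=timezone.utc)
    def line(ip, offset, uri):
        stamp = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{stamp}] "GET {uri} HTTP/1.1" 200 512'
    burst = [line("203.0.113.7", 0, "/login.php") for _ in range(15)]
    retries = [line("203.0.113.7", 30, "/login.php"), line("203.0.113.7", 80, "/")]
    visitor = [line("198.51.100.9", s, f"/page{s}.html") for s in range(5)]
    return burst + retries + visitor

print(replay(sample_log()))   # constructed sample; prints the per-IP rejected counts
```

The retry at 80 seconds is still rejected because the retry at 30 seconds restarted the 60-second period; pass your own log lines and a whitelist to replay() to check that legitimate clients stay under the limits.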

I hope I have been exhaustive. Leave a comment!


by GuiZ
04/09/2015