Friday, September 7, 2007

Using mod_evasive for dos attack prevention

A quick solution for blocking dos attacks can be mod_evasive
Installing mod_evasive on an apache2 web server:
# mkdir -p /root/tmp
# cd /root/tmp
# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
# tar zxvf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c


then, in /etc/httpd/conf/httpd.conf add the following lines and restart apache:

<IfModule mod_evasive20.c>
 DOSHashTableSize 3097
 DOSPageCount 5
 DOSSiteCount 20
 DOSPageInterval 1
 DOSSiteInterval 1
 DOSBlockingPeriod 10
</IfModule>


remember to modify DOS* directives to suit your needs.
Posted by floyd at 6:25 PM
Labels: ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)