mod_dosevasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_dosevasive presently reports abuses via email and syslog facilities.
The below steps were used to install mod_dosevasive on Apache-2.
-
Installation:
-
Check that you have httpd-devel package installed as you will need apxs
Download mod_dosevasive.
Unpackage and run `apxs -i -a -c mod_dosevasive20.c` in the corresponding folder.
Check httpd.conf file for "LoadModule dosevasive20_module modules/mod_dosevasive20.so"
Restart apache.
-
mod_dosevasive has default options configured, but you may also add the
following block to your httpd.conf:
<IfModule mod_dosevasive20.c> DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 10 </IfModule>Optionally you can also add the following directives:
DOSEmailNotify you@yourdomain.com DOSSystemCommand "su - someuser -c '/sbin/... %s ...'" DOSLogDir "/var/lock/mod_dosevasive"Test:
-
Test using the provided test.pl script.
By default "/tmp" will be used for locking mechanism.
Check the included README file for more info...
- sandip's blog
- Login or register to post comments