How to protect Apache against DOS,DDOS or brute force attacks

 Webserver  Add comments
May 122009
 

    If you want to protect your apache webserver against DOS,DDOS or brute force attacks use mod_evasive module.mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.

    Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

    * Requesting the same page more than a few times per second
    * Making more than 50 concurrent requests on the same child per second
    * Making any requests while temporarily blacklisted (on a blocking list)

    This method has worked well in both single-server script attacks as well as distributed attacks, but just like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it's a good idea to integrate this with your firewalls and routers for maximum protection.

    This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on ‘reload' should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.

    Install mod_evasive in Debian

    #apt-get install libapache2-mod-evasive

    This will complete the installation

    Test mod_evasive Module

    open any browser,open your apache server home page, and click the reload button as fast as you can.

    Related content:

    1. Install and Configure Apache2 with PHP5 and SSL Support in Debian Etch
    2. Manage Apache Resources Limits With mod_slotlimit
    3. Apache2 installation and configuration with php support
    4. Realtime Apache monitoring with apachetop
    5. Apache Web server Useful Tips

    Incoming search terms:

       Posted by at 2:33 pm
      • arisnb

        Just install or are there something configuration ?

      • http://www.lelombrik.net/ Sephi

        I don’t think it will block DDos attacks since the requests will come from a lot of different IP addresses.

      • Anonymous Coward

        mod_evasive has a very limited scope. If you really suffer from an application level DDoS you will feel very weak if this is your only tool. Better look into mod_qos. It has a lot more to offer.

      • nima0102

        thanks for your solution
        I have found mod_security, Is mod_evasive better than mod_security ?? what advantages has?
        thanks

      • rb

        I’ve installed mod_evasive, even added some config options I found online to httpd.conf. slowloris still 0wns the server. fail.

      • Eno

        Real protection is only Load Balancer / Proxy not a mod_ for Apache.

      • http://www.facebook.com/profile.php?id=1633235344 Edo Cod

        Lol… i refreshed my home page for something like 50 times in 20 seconds, and i got a “Forbidden” message.
        After 15 minutes i can’t still open the homepage.

      QR Code Business Card