Debian Admin

Debian/Ubuntu Linux System Administration Tutorials,Howtos,Tips

  • RSS Subscribe

    subscribe to the Debian Admin RSS feed

  • Sponsors



  • Categories

  • Sponsors

  • Support DebianAdmin

    Amount $:
    Website(Optional):


  • Meta

  • Archives



« How to Add Date And Time To Your Bash History file
Apache Public webserver with multiple local webserver with Debian »

How to protect Apache against DOS,DDOS or brute force attacks

Posted by Admin on May 12th, 2009

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

If you want to protect your apache webserver against DOS,DDOS or brute force attacks use mod_evasive module.mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted (on a blocking list)

This method has worked well in both single-server script attacks as well as distributed attacks, but just like other evasive tools, is only as useful to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it’s a good idea to integrate this with your firewalls and routers for maximum protection.

This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses) but only scripted attacks. Even a user repeatedly clicking on ‘reload’ should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.

Install mod_evasive in Debian

#apt-get install libapache2-mod-evasive

This will complete the installation

Test mod_evasive Module

open any browser,open your apache server home page, and click the reload button as fast as you can.

  • Share/Bookmark

Random Posts

You can leave a response, or trackback from your own site.

6 Responses to “How to protect Apache against DOS,DDOS or brute force attacks”

  1. arisnb Says:
    May 15th, 2009 at 2:42 am

    Just install or are there something configuration ?

  2. Sephi Says:
    May 18th, 2009 at 10:51 am

    I don’t think it will block DDos attacks since the requests will come from a lot of different IP addresses.

  3. Anonymous Coward Says:
    May 26th, 2009 at 5:32 am

    mod_evasive has a very limited scope. If you really suffer from an application level DDoS you will feel very weak if this is your only tool. Better look into mod_qos. It has a lot more to offer.

  4. nima0102 Says:
    July 10th, 2009 at 9:44 pm

    thanks for your solution
    I have found mod_security, Is mod_evasive better than mod_security ?? what advantages has?
    thanks

  5. rb Says:
    October 3rd, 2009 at 1:47 pm

    I’ve installed mod_evasive, even added some config options I found online to httpd.conf. slowloris still 0wns the server. fail.

  6. Eno Says:
    November 11th, 2009 at 7:14 pm

    Real protection is only Load Balancer / Proxy not a mod_ for Apache.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

« How to Add Date And Time To Your Bash History file
Apache Public webserver with multiple local webserver with Debian »