Add mod_evasive anti-CC Attack Module to DirectAdmin

Mod_evasive is a anti-CC Attack Module of the Apache server. It can detect and limit the number of requests from the same IP address and execute commands when certain conditions are met (such as using iptables to block IP addresses ), although it cannot completely defend against CC attacks, it can relieve the pressure on Apache servers under certain conditions.

1. Obtain mod_evasive

wget http://soft.kwx.gd/module/mod_evasive_1.10.1.tar.gz

Run the preceding commands by Using SSH. Download mod_evasive 1.10.1.

Ii. Decompress

Tar zxvf mod_evasive_1.10.1.tar.gz # decompress cd mod_evasive # To enter the Directory

3. Install this component

/usr/sbin/apxs -i -a -c mod_evasive20.c

Run the preceding commands by Using SSH. Install mod_evasive.

4. Add a configuration file
1) New httpd-evasive.conf

vim /etc/httpd/conf/extra/httpd-evasive.conf

Run the above command in SSH, use vim to create a httpd-evasive.conf, and fill in the following content

<IfModule mod_evasive20.c> DOSHashTableSize 3097 # hash table size (no need to modify) DOSPageCount 10 # maximum concurrent connections per IP address (instantaneous value) DOSSiteCount 50 # Number of times a single server can access the same page within a specified number of seconds. DOSPageInterval 1 # single-page request detection time (1 second by default) DOSSiteInterval 1 # Full-site request detection time (1 second by default) DOSBlockingPeriod 3600 # blacklist ban time (3600 seconds by default) DOSEmailNotify root # notify the administrator of the new blacklist record (which can be changed to an email address) DOSSystemCommand "iptables-a input-s % s-j DROP" # execute the command in the blacklist </IfModule>

For example:

5. reference the above files
1) EDIT httpd. conf

vim /etc/httpd/conf/httpd.conf

2) Insert the following content at an appropriate location

Include conf/extra/httpd-evasive.conf

For example:

6. Restart apache

service httpd restart