Apache Defense DDoS Attack

Source: Internet
Author: User
A distributed denial-of-service (DDoS) attack uses client/server technology to unite multiple computers into an attack platform that launches attacks against one or more targets, multiplying the power of a denial-of-service attack. DDoS attacks and malicious page refreshing can make Apache run abnormally and consume excessive resources. A very good solution is available: installing the mod_evasive module (mod_evasive_1.10.1 here) largely solves the problem.

Below I share my experience installing mod_evasive for Apache 2.4.6 on CentOS 6.6 and, along the way, explain the characteristics of mod_evasive.
mod_evasive detects an attack by maintaining an internal dynamic hash table of visiting IP addresses and requested URIs, and denies access to an IP if any of the following is true:
1. The number of requests per second for the same page exceeds the usual (original: requesting the same page more than a few times/second).
2. The same child process receives more than 50 concurrent requests per second.
3. Requests are made while the IP is temporarily blacklisted.
mod_evasive can easily be integrated with firewalls, routers and similar devices to further improve resistance to denial of service.
Like other anti-attack tools, mod_evasive is limited by bandwidth, system processing capacity and other factors, so to deal with large-scale attacks the best approach is to integrate mod_evasive with your firewall and routers rather than simply install it as a stand-alone Apache module.

There are two ways to install mod_evasive on Apache 2.4.6:
First, installation from source:
```bash
[root@apache ~]# cd /usr/local/src
[root@src ~]# wget http://www.leixuesong.cn/wp-content/uploads/2015/03/mod_evasive_1.10.1.tar.gz
[root@src ~]# tar -zxvf mod_evasive_1.10.1.tar.gz
[root@mod_evasive ~]# cd mod_evasive
[root@mod_evasive ~]# /usr/local/apache/bin/apxs -i -a -c mod_evasive20.c
```
Note: this compiles the module dynamically for Apache. mod_evasive20.c is compiled here because it targets Apache 2.x; for Apache 1.x, compile mod_evasive.c instead.
Second, yum installation:
```bash
[root@apache ~]# yum install mod_evasive
```

```
Libraries have been installed in:
   /usr/local/apache/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/local/apache/modules/mod_evasive20.so
[activating module 'evasive20' in /usr/local/apache/conf/httpd.conf]
```

This output indicates that the Apache module has been compiled and installed. Checking httpd.conf shows that the following line has been added automatically:
```apache
LoadModule evasive20_module modules/mod_evasive20.so
```

At this point, after restarting the Apache service, the default configuration already provides good protection against attacks. You can also customize the configuration by adding the following parameters:
```apache
<IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 50
    DOSPageInterval 2
    DOSSiteInterval 2
    DOSBlockingPeriod 10
</IfModule>
```

Brief parameter description:
DOSHashTableSize 3097: the size of the hash table that records and stores the blacklist; increase it if the server handles a large volume of traffic.
DOSPageCount 5: the number of times a single user may access the same page within the same time interval; exceeding this number is treated as an attack. The interval is set with the DOSPageInterval parameter.
DOSSiteCount 50: the number of accesses the same user may make to the same web site within the same time interval; the interval is set with DOSSiteInterval.
DOSPageInterval 2: sets the time interval used by DOSPageCount; the default value is 1.
DOSSiteInterval 2: sets the time interval used by DOSSiteCount.
DOSBlockingPeriod 10: the blocking period in seconds, during which the client receives 403 (Forbidden).
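
To see how these thresholds interact before deploying them, the following added example (not part of the original article and not mod_evasive's own code) replays constructed request records through a simplified Python model of the page, site and blocking rules. The class and function names, the single shared table and the fixed counting windows are assumptions of the model; the real module keeps a table per child process.

```python
from collections import namedtuple

# Thresholds from the page's <IfModule> block.
Config = namedtuple("Config", "page_count page_interval site_count site_interval blocking_period")
PAGE_CONFIG = Config(5, 2, 50, 2, 10)


class EvasiveModel:
    """Simplified model: one shared table, fixed windows (assumptions)."""

    def __init__(self, cfg=PAGE_CONFIG):
        self.cfg = cfg
        self.hits = {}      # (ip, uri) or (ip, None) -> (window_start, count)
        self.blocked = {}   # ip -> time of the last blocked request

    def _over(self, key, now, limit, interval):
        start, count = self.hits.get(key, (now, 0))
        if now - start >= interval:     # window expired, start a new one
            start, count = now, 0
        self.hits[key] = (start, count + 1)
        return count + 1 > limit        # "more than that number" is an attack

    def check(self, ip, uri, now):
        """Return the HTTP status this model gives the request."""
        last = self.blocked.get(ip)
        if last is not None and now - last < self.cfg.blocking_period:
            self.blocked[ip] = now      # a request during the block restarts it
            return 403
        c = self.cfg
        page = self._over((ip, uri), now, c.page_count, c.page_interval)
        site = self._over((ip, None), now, c.site_count, c.site_interval)
        if page or site:
            self.blocked[ip] = now
            return 403
        return 200


def replay(requests, cfg=PAGE_CONFIG):
    """requests: time-ordered (seconds, ip, uri) tuples -> list of statuses."""
    model = EvasiveModel(cfg)
    return [model.check(ip, uri, t) for t, ip, uri in requests]


# Constructed traffic (documentation-range IPs): a client hammering one page,
# a normal client, and the first client returning during and after the block.
SAMPLE = [(i * 0.1, "203.0.113.7", "/index.php") for i in range(8)] + [
    (1.0, "198.51.100.4", "/index.php"),
    (5.0, "203.0.113.7", "/about.html"),
    (16.0, "203.0.113.7", "/index.php"),
]

if __name__ == "__main__":
    for request, status in zip(SAMPLE, replay(SAMPLE)):
        print(request, status)
```

Feeding `replay` tuples parsed from your own access log shows whether legitimate clients would cross the configured thresholds and be served 403.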

Other optional parameters:
DOSEmailNotify 475216037@qq.com: sets the mailbox address that receives a message when an attack occurs.
DOSSystemCommand "su - someuser -c '/sbin/... %s ...'": the system command that Apache runs, executed as the given user, when an attack occurs.
DOSLogDir "/var/lock/mod_dosevasive": the attack log storage directory, here /var/lock/mod_dosevasive; the logs can generally be stored in the /tmp directory.
