The installation, configuration, and usage of the Apache anti-DDOS module mod_evasive were slow when a friend's website was accessed the previous day. The number of connections to the server was not large, and the resource usage was also small. if you suspect that there is an attack, install mod_evasive and try again. After the test, everything works properly. The installation configuration is as follows: wgethttp: www. zdziarski. comblogwp-contentuploads201002mod_e
Installation, configuration, and use of the Apache anti-DDOS module mod_evasive
The last few days, my friend's website was very slow to access, and the number of connections to the server was not large and the resource usage was small. If I suspected there was an attack, I wanted to install mod_evasive and try again. Everything went fine after the test.
The installation configuration is as follows:
Wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
Tar zxvf mod_evasive_1.10.1.tar.gz
CdMod_evasive
/Www/wdlinux/apache/bin/apxs-I-a-c mod_evasive20.c
Vi/www/wdlinux/apache/conf/Httpd. Conf
DuLe mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 360
Introduction to mod_evasive
Mod_evasive is a DDOS protection module for Apache (httpd) servers. For WEB servers, It is a better extension module to defend against DDOS attacks. Although it cannot completely defend against DDOS attacks, under certain conditions, it still slows down the load on Apache (httpd) servers. For example, using iptables, hardware firewalls, and other firewall devices together may have better results.
Official Address of mod_evasive:Http://www.zdziarski.com
Related Parameters
DOSHashTableSize 3097: defines the size of the hash table.
DOSSiteCount 50: Maximum number of concurrent connections allowed to the client.
DOSPageCount 2: The interval at which the client is allowed to access the same page.
DOSPageInterval 1: webpage access counter interval.
DOSSiteInterval 1: The interval between the full-site access counters.
DOSSiteInterval 60: The Access Denied time after the blacklist is added.
DOSEmailNotify xxxx@gmail.com: notifies administrators after an IP is blacklisted.
DOSSystemCommand"SuDo iptables-a input-s % s-j DROP ": system executed after the IP address is blacklistedCommand.
DOSLogDir "/tmp": the temporary directory of the lock mechanism.
DOSWhiteList 127.0.0.1: prevents IP addresses from being whitelisted.
Connection: http://www.wdlinux.cn/mod_evasive