Instructions for using Apache (HTTPD) server anti-DDoS module mod_evasive

Source: Internet
Author: User

Instructions for using Apache (HTTPD) server anti-DDoS module mod_evasive

1, Mod_evasive Introduction;

Mod_evasive is a DDoS-resistant module for Apache (httpd) servers. For Web servers, it is now a good extension to protect against DDoS attacks. Although it is not completely defensive against DDoS attacks, under certain conditions, it is still the pressure to slow down the Apache (httpd) server. If you work with iptables, hardware firewalls, and other firewall devices, you may have better results. Unfortunately does not have a hardware firewall, so whether this combination effect has a better effect, I can't verify.

Mod_evasive's official address:

2, the installation and configuration of mod_evasive;

2.1 mod_evasive;


installation of 2.2 mod_evasive;

Before installing mod_evasive, you will need to install the Apache (HTTPD) server package and install Httpd-devel or Apache-dev. In Slackware 12.0, the installation of httpd software can be;

For Apache 1.x, use the following compilation method;

#/usr/sbin/apxs -iac mod_evasive.c

For Apache 2.x you can use the following method;

#tar zxvf mod_evasive_1.10.1.tar.gz
#cd mod_evasive
#/usr/sbin/apxs -i -a -c mod_evasive20.c

Note: APXS is used to compile the module tool, and if it is a software package, it is usually located in the/usr/sbin directory. If you are compiling and installing Apache (httpd) yourself, you should specify the path yourself;

We then modify the/etc/ file, the compiled dynamic module is located in the location of the, for example, I use Aapche 2.x, after the completion of the compilation, the module installed to/usr/lib/ Httpd/modules directory; Then we're going to write this directory to

#echo "/usr/lib/httpd/modules" >> /etc/

Note: specific to your system environment, do not copy copy, if you are not very familiar with Linux;

Configuration of 2.3 mod_evasive;

After the compilation installation is complete, it will automatically insert a line into the Apache configuration file, for the Apache 2.x version, should have a similar line in its configuration file;

LoadModule evasive20_module   lib/httpd/modules/

For the Apache 1.x, should also be similar, basically only the path is different;

Then we modify the Apache configuration file, the configuration file name is httpd.conf;

In the Apache v1.x version, to join;

<IfModule mod_evasive.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10

Added in Apache v2.x;

<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10

If you do not know where to insert these, it is possible to do so with the following methods;

Create a file in the/etc directory, such as mod_evasive.conf;

#touch /etc/mod_evasive.conf

Then, according to their own version of Apache to add the corresponding content;

Then we'll modify the httpd.conf and join in the last line

Include /etc/mod_evasive.conf

After the modification is complete, we will restart the Apache server;

For example, in Slackware 12.0, the Apache 2.x restart, we need to use the

#/etc/rc.d/rc.httpd restart

Apache in Redhat, Fededora, Debian, Ubuntu, CentOS, can be used;

#/etc/init.d/httpd restart

#/etc/init.d/apache restart

Basically, it's almost like this ...

2.4 Test verification of Mod_evasive;

After the anti-DDoS module is done, we can verify that the system can be installed by default in the/usr/sbin directory by using the AB tool that comes with Apache, for example;

#/usr/sbin/ab -n 1000 -c 50

Note: The above example means, if your server is Google's Web server, we want to send a data request packet, a total of 1000, each concurrent 50;

Another test tool is the directory of mod_evasive unpacking, there is a, you can modify the IP address, and then use the


is not effective, please review the results according to the AB tool or test script;

Because the default configuration is used when compiling mod_evasive, the log is stored in the/tmp directory. If there is a DDoS attack, the log is generated in/tmp. The log file is beginning with dos-;

3, mod_evasive of Advanced configuration;

If you want to change some of the parameters appropriate to their own, some of the necessary parameters, not through the configuration file modification will work, we want to modify the source package in the MOD_EVASIVE.C (Apache 1.x) or mod_evasive20.c (Apache 2.x) ;

#define DEFAULT_HASH_TBL_SIZE   3097ul  // Default hash table size
#define DEFAULT_PAGE_COUNT      2       // Default maximum page hit count per interval
#define DEFAULT_SITE_COUNT      50      // Default maximum site hit count per interval
#define DEFAULT_PAGE_INTERVAL   1       // Default 1 Second page interval
#define DEFAULT_SITE_INTERVAL   1       // Default 1 Second site interval
#define DEFAULT_BLOCKING_PERIOD 10      // Default for Detected IPs; blocked for 10 seconds
#define DEFAULT_LOG_DIR         "/tmp"  // Default temp directory

For example, we change the numbers, which is easy to understand according to English. For example, change the log storage directory, and then change/tmp to another directory. If you do not know where to put the best, or use the default bar;

If you change the parameters here, don't forget to modify the parameters of the Apache configuration file about mod_evasive;

If you want to add some other parameters, please check the source code in the package of the Readme, there are detailed instructions, mostly not much need ...

This file is very important, if you want to change some settings, you need to modify this file ...

4, about this article;

Mod_evasive is still a bit of use, installation is not laborious. If you need to, you will think of this module of ... mod_evasive whether there is more advanced usage, not in this article can be said clearly. What if you don't understand? Please check the Readme in the source package.

Instructions for using Apache (HTTPD) server anti-DDoS module mod_evasive

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.