Prevent DoS attacks on Apache servers

Apache server's defense against DoS attacks is mainly implemented through the Apache DoS Evasive Maneuvers Module.

It is an alternative to mod_access and can defend against DoS attacks. The software can quickly reject repeated requests from the same address to the same URL by querying a hash table of each sub-process.

Download the software at http://online.securityfocus.com/data/tools/dospatch.tar.gz.

For software installation configurations, you can view the apacheability and security features on the Linux homepage http://www.linux.gov.cn/. the procedure is relatively simple and is not described here.
At the same time, you can use powerful commands in Linux to prevent Dos attacks.

Netstat-an | grep-I "Server IP Address: 80" | awk '{print $6}' | sort | uniq-c | sort-n

This command will automatically count the number of TCP connections in various States. If syn_recv is very high, the possibility of TCP-based Denial of Service attacks cannot be ruled out. Therefore, you need to enable tcp_syncookies:

Echo 1>/proc/sys/net/ipv4/tcp_syncookies

If no/proc/sys/net/ipv4/tcp_syncookies are available, the kernel does not support syncookies. You need to recompile the kernel and reduce the number of SYN retries.

Echo "1">/proc/sys/net/ipv4/tcp_syn_retriesecho "1">/proc/sys/net/ipv4/tcp_synack_retries

At the same time, increase syn_backlog to ensure user access:

Echo "2048">/proc/sys/net/ipv4/tcp_max_syn_backlog