Web server security is a big topic; when it comes to the best tools and techniques for consolidating a Web server, different people have different preferences and perspectives. In the case of the Apache Web server, even if not all experts, at least the vast majority of experts agree, Mod_security and mod_evasive are two very important modules that can protect the Apache Web server from common threats. We'll explore how to install and configure mod_security and mod_evasive in this article, assuming that the Apache HTTP Web server has been built and running. We will perform a demonstration of stress testing to see how the Web server reacts to a denial-of-service (DOS) attack and demonstrates how it can use these modules to counter it. We will use the CentOS platform in this tutorial. Install mod_security and mod_evasive if you have not enabled the Epel software library in the Centos/rhel server, you will need to enable the software library before installing these packages. # yum Install mod_security# yum Install mod_evasive installation is complete, you will find the main configuration file in/ETC/HTTPD/CONF.D: 498) this.width=498; OnMouseWheel = ' Javascript:return big (This) ' border= ' 0 "alt=" How to install the configuration mod_security and Mod_evasive module "width=" 486 "height=" 158 "src=" http://s2.51cto.com/wyfs02/M00/4B/35/wKioL1QosdKhklv8AABM0Ook2dU871.jpg/> Now, you need to make sure that Apache launches the fashion into these two modules. Look for the following lines in mod_security.conf and mod_evasive.conf (if they are not, add them): LoadModule security2_module Modules/mod_ Security2.soloadmodule Evasive20_module modules/mod_evasive20.so in the above two lines: loadmodule instruction tells Apache linked object file (*.so), Add it to the list of active modules. Security2_module and Evasive20_module are the names of the modules. modules/mod_security2.so and modules/mod_evasive20.so are relative paths from the/ETC/HTTPD directory to the module source files. As long as you check the contents of the/etc/httpd/modules directory, you can verify the path (and change the path if necessary). 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' border= "0" alt= "How to install the configuration mod_security and mod_evasive modules" Width= "536" height= "468" src= "Http://s6.51cto.com/wyfs02/M02/4B/35/wKioL1Qose7BSvEYAADtZvAfTL8875.jpg"/> Now restart the Apache Web server: # service httpd restart 1 2 3 4 Next >> view full-text navigation page 1th: Install mod_security and mod_evasive page 2nd: Configure mod_security 3rd Page: Configuration mod_evasive page 4th: Simulate Dos attack original: How to install Mod_security and mod_evasive in Apache (1) Back to network security home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
