Configure mod_evasive
2015/08/03
|
Enable mod_evasive module to defend from DoS attacks and so on.
| |
[1] | Install and configure mod_evasive. |
# install from EPEL
[root@www ~]#
yum --enablerepo=epel -y install mod_evasive
[root@www ~]#
vi /etc/httpd/conf.d/mod_evasive.conf
# line 18: threshhold for the number of requests for the same page per page interval
DOSPageCount
5
# line 24: threshhold for the total number of requests for any object by the same client on the same listener per site interval
DOSSiteCount
50
# line 28: The interval for the page count threshhold
DOSPageInterval
1
# line 32: The interval for the site count threshhold
DOSSiteInterval
1
# line 41: amount of time (in seconds) that a client will be blocked for if they are added to the blocking list
DOSBlockingPeriod
300
# line 48: notification address if IP address becomes blacklisted
DOSEmailNotify
root@localhost
# line 66: specify log directory
DOSLogDir "
/var/log/mod_evasive
"
mkdir /var/log/mod_evasive
[root@www ~]#
chown apache. /var/log/mod_evasive
[root@www ~]#
systemctl restart httpd
|
[2] | Test with a test tool which is included in RPM package. |
[root@www ~]#
perl /usr/share/doc/mod_evasive-*/test.pl
HTTP/1.1 200 OK HTTP/1.1 200 OK HTTP/1.1 200 OK HTTP/1.1 200 OK HTTP/1.1 200 OK ..... ..... HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden ..... ..... HTTP/1.1 403 Forbidden
# turn to "403 Forbidden" if blocked
# logs are saved
[root@www ~]#
ll /var/log/mod_evasive
total 4 -rw-r--r-- 1 apache apache 5 Aug 5 15:42 dos-127.0.0.1
# if set notification, it is sent like follows
[root@www ~]#
mail
Heirloom Mail version 12.5 7/5/10. Type ? for help. "/var/spool/mail/root": 1 message 1 new >N 1 Apache Wed Aug 3 19:42 20/673 & 1 Message 1: From apache@www.server.world Wed Aug 3 19:42:55 2015 Return-Path: <apache@www.server.world> X-Original-To: root@localhost Delivered-To: root@localhost.server.world Date: Wed, 05 Aug 2015 15:42:54 +0900 To: root@localhost.server.world User-Agent: Heirloom mailx 12.5 7/5/10 Content-Type: text/plain; charset=us-ascii From: apache@www.server.world (Apache) Status: R To: root@localhost Subject: HTTP BLACKLIST 127.0.0.1 mod_evasive HTTP Blacklisted 127.0.0.1 |
Nenhum comentário:
Postar um comentário