Total de visualizações de página

sábado, 23 de abril de 2016

Configure mod_evasive


Configure mod_evasive
2015/08/03
 
Enable mod_evasive module to defend from DoS attacks and so on.
[1]Install and configure mod_evasive.
# install from EPEL

[root@www ~]# 
yum --enablerepo=epel -y install mod_evasive
[root@www ~]# 
vi/etc/httpd/conf.d/mod_evasive.conf
# line 18: threshhold for the number of requests for the same page per page interval

DOSPageCount   
5
# line 24: threshhold for the total number of requests for any object by the same client on the same listener per site interval

DOSSiteCount   
50
# line 28: The interval for the page count threshhold

DOSPageInterval   
1
# line 32: The interval for the site count threshhold

DOSSiteInterval   
1
# line 41: amount of time (in seconds) that a client will be blocked for if they are added to the blocking list

DOSBlockingPeriod   
300
# line 48: notification address if IP address becomes blacklisted

DOSEmailNotify   
root@localhost
# line 66: specify log directory

DOSLogDir   "
/var/log/mod_evasive
"
[root@www ~]# 
mkdir /var/log/mod_evasive 

[root@www ~]# 
chown apache. /var/log/mod_evasive 

[root@www ~]# 
systemctl restart httpd 
[2]Test with a test tool which is included in RPM package.
[root@www ~]# 
perl /usr/share/doc/mod_evasive-*/test.pl 

HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
.....
.....
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
.....
.....
HTTP/1.1 403 Forbidden
# turn to "403 Forbidden" if blocked
# logs are saved

[root@www ~]# 
ll /var/log/mod_evasive 

total 4
-rw-r--r-- 1 apache apache 5 Aug  5 15:42 dos-127.0.0.1
# if set notification, it is sent like follows

[root@www ~]# 
mail 

Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N  1 Apache                Wed Aug  3 19:42  20/673
& 1
Message  1:
From apache@www.server.world  Wed Aug  3 19:42:55 2015
Return-Path: <apache@www.server.world>
X-Original-To: root@localhost
Delivered-To: root@localhost.server.world
Date: Wed, 05 Aug 2015 15:42:54 +0900
To: root@localhost.server.world
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: apache@www.server.world (Apache)
Status: R

To: root@localhost
Subject: HTTP BLACKLIST 127.0.0.1

mod_evasive HTTP Blacklisted 127.0.0.1
Postado por às
Marcadores:

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)