mod_evasive
mod_evasive - anti DDOS, flood attack.
install
aptitude install libapache2-mod-evasiveconfigure
mkdir /var/log/mod_evasive/
chown www-data:www-data /var/log/mod_evasive//etc/apache2/conf.d/modevasive:
<ifmodule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSLogDir /var/log/mod_evasive
DOSEmailNotify webmaster@localhost
DOSWhitelist 127.0.0.1
DOSWhitelist 192.168.*.*
</ifmodule>mod_security
mod_security - open source web application firewall.
install
aptitude install libapache-mod-securityinstall rules
cd /tmp/
wget https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v2.2.5.tar.gz
tar xvf v2.2.5.tar.gz
mkdir /etc/apache2/mod_security_rules/
mv owasp-modsecurity-crs-2.2.5/base_rules/* /etc/apache2/mod_security_rules/
rm -rf owasp-modsecurity-crs-2.2.5/ v2.2.5.tar.gz
chown -R root:root /etc/apache2/mod_security_rules/configure
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.confenable engine /etc/modsecurity/modsecurity.conf:
SecRuleEngine On/etc/apache2/conf.d/modsecurity:
<ifmodule mod_security2.c>
Include mod_security_rules/*.conf
SecWriteStateLimit 100
</ifmodule>enable apache modules
a2enmod headers unique_id mod-evasive mod-security
/etc/init.d/apache2 restarttesting
slowhttptest -c 65539 -B -g -o my_server_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u www.my-site.local -x 10 -p 3
Fri Jun 27 09:42:19 2014:
slow HTTP test status on 10th second:
initializing: 0
pending: 1406
connected: 50
error: 0
closed: 15
service available: NO