mod_evasive ??

One way to stop one of the more basic attacks on a server is mod_evasive. This how-to will walk though the process of installing and configuring mod_evasive. This apache module will help protect against people sending too many requests to the webserver in an attempt to flood it. If it detects too many connections the offending ip will be blocked from the accessing apache for This is especially useful when the server is continuously getting attacked. With this default configuration it will block the offending ip for 10 minutes. If it continues to try and flood mod_evasive will automatically add more time to this.

let's install it ~!!!

Follow this section for Apache 1.3.x.

-----command-----
cd /usr/local/src
wget http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/etc/httpd/bin/apxs -cia mod_evasive.c
-----command-----



Follow this section for Apache 2.0.x.
-----command-----
up2date -i httpd-devel
cd /usr/local/src
wget http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/usr/sbin/apxs -cia mod_evasive20.c
-----command-----

If you are adding the is module to apache 1.3.x the following lines need to be added to the httpd.conf below the AddModule section.


DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600




If you are using apache 2.0.x you need to scroll to below the LoadModule section in the httpd.conf and add the following:


DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 10
DOSBlockingPeriod 600


Exit and save out of the httpd.conf

Now it should be ready to go. Exit out of pico and restart apache.
-----command-----
service httpd restart
-----command-----