Apache server provide security action is mod_evasive security tool. the mod_evasive evasive maneuvers module for Apache server to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. This tool also help us a detection, alerting and throttling, abuse via email and syslog facilities.You can easily configured to  ipchains, firewalls, routers, and etc.


Download the mod_evasive package using wget command and extract it.

# cd /usr/local/src

# wget  http://fossies.org/linux/www/apache_httpd_modules/mod_evasive_1.10.1.tar.gz

# tar -xzvf mod_evasive_1.10.1.tar.gz ; cd mod_evasive*

mod_evasive/
mod_evasive/.cvsignore
mod_evasive/LICENSE
mod_evasive/Makefile.tmpl
mod_evasive/README
mod_evasive/mod_evasive.c
mod_evasive/mod_evasive20.c
mod_evasive/mod_evasiveNSAPI.c
mod_evasive/test.pl
mod_evasive/CHANGELOG

Ensure the current path,
 
# pwd
/usr/local/src/mod_evasive

 
# apxs -i -a -c mod_evasive20.c

Note : If you may get an error  "mod_evasive20.c:142:39: error: 'conn_rec' has no member named 'remote_ip'" 

libtool: install: ranlib /usr/lib64/httpd/modules/mod_evasive24.a
libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/sbin" ldconfig -n /usr/lib64/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/lib64/httpd/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib64/httpd/modules/mod_evasive20.so
[activating module `evasive20' in /etc/httpd/conf/httpd.conf]
LoadModule evasive20_module   /usr/lib64/httpd/modules/mod_evasive20.so


Note :If the LoadModule evasive20_module did not configured in httpd.conf file, you need to  add the mod_evasive configuration to your Apache configuration  as below

LoadModule evasive20_module  /usr/lib/httpd/modules/mod_evasive20.so


Then configure mod_evasive configuration:


DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify linux@thelinuxfaq.com


Finally save the configuration and restart your Apache server.
 
# /etc/init.d/httpd restart

Make sure the module has been configured on httpd,
 
# httpd -M | grep evasive20_module
 evasive20_module (shared)