Apache server provide security action is mod_evasive security tool. the mod_evasive evasive maneuvers module for Apache server to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. This tool also help us a detection, alerting and throttling, abuse via email and syslog facilities.You can easily configured to  ipchains, firewalls, routers, and etc.


Download the mod_evasive package using wget command and extract it.

# cd /usr/local/src

# wget  http://fossies.org/linux/www/apache_httpd_modules/mod_evasive_1.10.1.tar.gz

# tar -xzvf mod_evasive_1.10.1.tar.gz ; cd mod_evasive*


mod_evasive/

mod_evasive/.cvsignore

mod_evasive/LICENSE

mod_evasive/Makefile.tmpl

mod_evasive/README

mod_evasive/mod_evasive.c

mod_evasive/mod_evasive20.c

mod_evasive/mod_evasiveNSAPI.c

mod_evasive/test.pl

mod_evasive/CHANGELOG

Ensure the current path,
 
# pwd
/usr/local/src/mod_evasive

 
# apxs -i -a -c mod_evasive20.c

Note : If you may get an error  "mod_evasive20.c:142:39: error: 'conn_rec' has no member named 'remote_ip'" 


libtool: install: ranlib /usr/lib64/httpd/modules/mod_evasive24.a

libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/sbin" ldconfig -n /usr/lib64/httpd/modules

----------------------------------------------------------------------

Libraries have been installed in:

   /usr/lib64/httpd/modules



If you ever happen to want to link against installed libraries

in a given directory, LIBDIR, you must either use libtool, and

specify the full pathname of the library, or use the `-LLIBDIR'

flag during linking and do at least one of the following:

   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable

     during execution

   - add LIBDIR to the `LD_RUN_PATH' environment variable

     during linking

   - use the `-Wl,-rpath -Wl,LIBDIR' linker flag

   - have your system administrator add LIBDIR to `/etc/ld.so.conf'



See any operating system documentation about shared libraries for

more information, such as the ld(1) and ld.so(8) manual pages.

----------------------------------------------------------------------

chmod 755 /usr/lib64/httpd/modules/mod_evasive20.so

[activating module `evasive20' in /etc/httpd/conf/httpd.conf]

LoadModule evasive20_module   /usr/lib64/httpd/modules/mod_evasive20.so


Note :If the LoadModule evasive20_module did not configured in httpd.conf file, you need to  add the mod_evasive configuration to your Apache configuration  as below

LoadModule evasive20_module  /usr/lib/httpd/modules/mod_evasive20.so


Then configure mod_evasive configuration:




DOSHashTableSize 3097

DOSPageCount 2

DOSSiteCount 50

DOSPageInterval 1

DOSSiteInterval 1

DOSBlockingPeriod 60

DOSEmailNotify linux@thelinuxfaq.com


Finally save the configuration and restart your Apache server.
 
# /etc/init.d/httpd restart

Make sure the module has been configured on httpd,
 
# httpd -M | grep evasive20_module
 evasive20_module (shared)