Apache server provide security action is mod_evasive security tool. the mod_evasive evasive maneuvers module for Apache server to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. This tool also help us a detection, alerting and throttling, abuse via email and syslog facilities.You can easily configured to ipchains, firewalls, routers, and etc.
Download the mod_evasive package using wget command and extract it.
# cd /usr/local/src
# wget http://fossies.org/linux/www/apache_httpd_modules/mod_evasive_1.10.1.tar.gz
# tar -xzvf mod_evasive_1.10.1.tar.gz ; cd mod_evasive*
# wget http://fossies.org/linux/www/apache_httpd_modules/mod_evasive_1.10.1.tar.gz
# tar -xzvf mod_evasive_1.10.1.tar.gz ; cd mod_evasive*
mod_evasive/
mod_evasive/.cvsignore
mod_evasive/LICENSE
mod_evasive/Makefile.tmpl
mod_evasive/README
mod_evasive/mod_evasive.c
mod_evasive/mod_evasive20.c
mod_evasive/mod_evasiveNSAPI.c
mod_evasive/test.pl
mod_evasive/CHANGELOG
Ensure the current path,
# pwd
/usr/local/src/mod_evasive
# apxs -i -a -c mod_evasive20.c
Note : If you may get an error "mod_evasive20.c:142:39: error: 'conn_rec' has no member named 'remote_ip'"
libtool: install: ranlib /usr/lib64/httpd/modules/mod_evasive24.a
libtool: finish: PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/sbin" ldconfig -n /usr/lib64/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
/usr/lib64/httpd/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,-rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib64/httpd/modules/mod_evasive20.so
[activating module `evasive20' in /etc/httpd/conf/httpd.conf]
LoadModule evasive20_module /usr/lib64/httpd/modules/mod_evasive20.so
Note :If the LoadModule evasive20_module did not configured in httpd.conf file, you need to add the mod_evasive configuration to your Apache configuration as below
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so
Then configure mod_evasive configuration:
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify linux@thelinuxfaq.com
Finally save the configuration and restart your Apache server.
# /etc/init.d/httpd restart
Make sure the module has been configured on httpd,
# httpd -M | grep evasive20_module
evasive20_module (shared)
Comments (0)