Thursday, May 29, 2008

What is Mod_dosevasive?How to install?


mod_dosevasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_dosevasive presently reports abuses via email and syslog facilities.

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted (on a blocking list)

Installation steps:

tar -zxvf mod_dosevasive.1.8.tar.gz
cd mod_dosevasive
/usr/local/apache/bin/apxs -iac mod_dosevasive.c
then you pico /usr/local/apache/conf/httpd.conf
and search for the lines
LoadModule dosevasive_module libexec/
AddModule mod_dosevasive.c
you have to be sure they where added
then add these lines

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10

Save the file and restart apache.

You can see results in server logs.

No comments: