Avoid DoS Attacks using Mod_Evasive on Apache Web Server

May 15, 2011 / How-to Guide

Denial of Service, commonly known as the DDoS attack, is one of the biggest threats for your servers security. In a DoS attack, attackers with destructive intentions try overloading the server with requests more than the server can handle. The attacker is able to find holes in the security of the server and exploit it to carry out the attack.

How to avoid DoS attacks using mod_evasive ?

mod_evasive can be an efficient method of avoiding a DoS attack. It is one of the modules available for an Apache http server, which comes for free.

How to install mod_evasive over your Linux Hosting server ?

Note: Before proceeding with the installation, it is important that the server is running Apache.

  1. You are required to login to the server via SSH as root
  2. Ensure that the Apache is updated with the latest development files. Use the below command to install http-devel package on your server
    yum install httpd-devel
  3. Using the following command, you must download the updated version
    wget http://www.zdziarski.com/blog/wpcontent/uploads/2010/02/mod_evasive_1.10.1.tar.gz
  4. Then use the below command for extracting the archived files:
    tar xvzf mod_evasive_1.10.1.tar.gz mod_evasive/
  5. Then compile the module using the following command :
    /usr/sbin/apxs -cia /usr/src/mod_evasive/mod_evasive20.c
  6. For activating the module, fire the below command
    chmod 755 /usr/lib/httpd/modules/mod_evasive20.so
  7. You must then restart Apache
    /etc/init.d/httpd restart
  8. Ensure that it has been loaded correctly
    grep -i evasive /etc/httpd/conf/httpd.conf
  9. The result should be :
    LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so
    Run : php -r ‘phpinfo();’ | grep -i evasive
  10. The mod_evasive should get listed
  11. Now the Apache conf file: /etc/httpd/conf/httpd.conf should be updated with adding configuration rules
    <IfModule mod_evasive20.c>DOSHashTableSize 3097DOSPageCount 6DOSSiteCount 100DOSPageInterval 2DOSSiteInterval 2DOSBlockingPeriod 600</IfModule

You can also go through the documentation for determining the best configuration settings for each. This should help you avoid a DoS attack on your server.

Spread the love