In this tutorial I will explain how to Protect Against DoS and DDoS with mod_evasive in Apache. Dos or DDoS attack on Apache server make Apache unavailable to users . Attacker use one or thousand IP to hit your server and disturb Apache normal operations. Dos attack on Apache server make Apache unavailable to users . Attacker use one or thousand IP to hit your server and disturb Apache normal operations.
If you want to over come this problem you need to setup your website on CloudFlare or any other third party company which provide DDos attack protection but it is paid solution. If you want to protect your website without cost you can use mod_evasive .
In this tutorial I am going to explain how you can protect your Apache Web Server from DDoS attack with mod_evasive in Apache.
You may also like:
mod_evasive installation
You can install mod_evasive in apache using Debian Official repository using apt .
# apt-get update # apt-get install libapache2-mod-evasive
Configure mod_evasive
By default mod_evasive not configured you need to configure before use it, mod_evasive configuration is located at /etc/apache2/mods-available/evasive.conf. You will need to edit similarly like this
<IfModule mod_evasive20.c> DOSHashTableSize 3005 DOSPageCount 4 DOSSiteCount 99 DOSPageInterval 1 DOSSiteInterval 3 DOSBlockingPeriod 5 DOSEmailNotify [email protected] #DOSSystemCommand "su ‐ someuser ‐c '/sbin/... %s ...'" DOSLogDir "/var/log/mod_evasive" </IfModule>
You can change [email protected] with your email.
Note :- Create the mod_evasive log directory if not create default.
# mkdir /var/log/mod_evasive # chown :apache /var/log/mod_evasive # chmod 771 /var/log/ mod_evasive
Now check mod_evasive is enable
# a2enmod evasive # /etc/init.d/apache2 restart
Now it is time to check our web server has protection against Dos attack using Apache benchmark (ab).
If Apache benchmark is not install you can install it using apt.
# apt-get install apache2-utils
Before generating bulk request on the server firstly check mod_evasive log stat.
# ls –l /var/log/mod_evasive/ Total 0
Now generate bulk request to the server.
# ab –n 200 –c 15 http://www.example.com/
-n : Number of request
-c : Number of concurrent request
Check mod_evasive log stat.
# ls –l /var/log/mod_evasive/ -rw-r--r-- 1 apache apache 5 Mar 10 14:19 dos-172.16.245.129
If you check Apache access log you can see 403 code dropped request there after generating request using Apache benchmark.
I hope this article will help to protect your Apache Web Server from DDoS attack.
Thanks:)
If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website www.looklinux.com. To become an author at LookLinux Submit Article. Stay connected to Facebook.
Thank you for this post. I have a question: if many users from the same local network access to the same page (index.php for eg) they will be banned or not since they will have the same public IP ?