Author: North-South-North
from: League of Legends Community
Abstract: In Server Manager, it is often encountered DDOS attack WWW server. For the Apache (httpd) servers, DDOS defense is achieved through mod_evasive. This article describes the installation mod_evasive module configured;
+++++++++++++++++++++++++++++++++++++++++++
text
++++++ +++++++++++++++++++++++++++++++++++++
1, mod_evasive Introduction;
mod_evasive anti-DDOS is a module of the Apache (httpd) server. For the WEB server, it is a good DDOS attack protection extension module. Although not completely defensive DDOS attack, but under certain conditions, or play slow service Apache (httpd) server stress. When combined with iptables, hardware firewalls and other equipment used in conjunction with a firewall, you may have better results. Unfortunately LinuxSir.Org and no hardware firewall, so whether the effect of this combination have better results, I can not verify.
The official address mod_evasive: http://www.zdziarski.com/projects/mod_evasive
2, mod_evasive installation and configuration;
Download 2.1 mod_evasive of;
2.2 mod_evasive installation;
Before installing mod_evasive, you want to use to install Apache (httpd) server software package also install httpd-devel or apache-dev. In Slackware 12.0, the software can be installed httpd;
For the Apache 1.x the following reference the compiled method;
#/usr/sbin/apxs -iac mod_evasive.c
For Apache 2.x can use the following methods;
#tar zxvf mod_evasive_1.10.1.tar.gz
#cd mod_evasive
#/usr/sbin/apxs -i -a -c mod_evasive20.c
Note: apxs tools for compiling module; If the system is carrying packages, typically located in / usr / sbin directory. If you own compile and install Apache (httpd), you should specify your own path;
We then modify /etc/ld.so.conf file, the location of the dynamic compiler module is specified in the ld.so.conf; for example, I use the Aapche 2.x, after the compilation is complete, install the module mod_evasive20.so to the / usr / lib / httpd / modules directory; then we should write to the directory in ld.so.conf.
#echo "/usr/lib/httpd/modules" >> /etc/ld.so.conf
#ldconfig
Note: specific to your system environment prevail, do not copy, if you are not familiar with Linux, then;
2.3 mod_evasive configuration;
After compiling is completed installation will automatically insert a row into the Apache configuration file for version 2.x Apache, the following line should be similar in its configuration file;
LoadModule evasive20_module lib/httpd/modules/mod_evasive20.so
For Apache 1.x, it should also be about the same, but the general path difference in terminology;
Then we modify the Apache configuration file, the configuration file named httpd.conf;
In Apache v1.x version, to be added;
<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
In Apache v2.x added;
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
If you do not know where to put these inserts, we do use the following methods are possible;
Create a file in / etc directory, such as mod_evasive.conf;
#touch /etc/mod_evasive.conf
Then according to their own version of Apache to add the appropriate content;
Then we modified the httpd.conf, add the following line
Include /etc/mod_evasive.conf
After editing, we have to restart the Apache server;
For example, in the Slackware 12.0, Apache 2.x restart, we will use
#/etc/rc.d/rc.httpd restart
In Redhat, Fededora, Debian, Ubuntu, CentOS the Apache, can be used;
#/etc/init.d/httpd restart
或
#/etc/init.d/apache restart
In general almost like this ......
2.4 pairs mod_evasive test validation;
After the anti-DDOS modules do a good job, we want to verify, you can use Apache's ab tool that comes with the system is installed by default in / usr / sbin directory; for example;
#/usr/sbin/ab -n 1000 -c 50 http://www.google.com:80/
Note: The above example means that, if your server is google WEB server, we want to send a data request packet, a total of 1000, each concurrent 50;
Another test tool is unzipped package mod_evasive, there are a test.pl, you can change the IP address, and then use
#perl test.pl
Is there results, to see the results of ab tool or test script out;
Because when we compile mod_evasive, use the default configuration, the logs are stored in the / tmp directory. If there DDOS attack will have a log in / tmp. The log file begins with the dos-;
3, advanced configuration of mod_evasive;
If you want to change some parameters for their own, some necessary parameters, not modify configuration files by acting on it, we have to modify the source code package mod_evasive.c (Apache 1.x use it) or mod_evasive20.c (Apache with the 2.x);
#define DEFAULT_HASH_TBL_SIZE 3097ul // Default hash table size
#define DEFAULT_PAGE_COUNT 2 // Default maximum page hit count per interval
#define DEFAULT_SITE_COUNT 50 // Default maximum site hit count per interval
#define DEFAULT_PAGE_INTERVAL 1 // Default 1 Second page interval
#define DEFAULT_SITE_INTERVAL 1 // Default 1 Second site interval
#define DEFAULT_BLOCKING_PERIOD 10 // Default for Detected IPs; blocked for 10 seconds
#define DEFAULT_LOG_DIR "/tmp" // Default temp directory
For example, we change to change numbers which, according to the English is easy to understand. Such as modifying the log storage directory, put the / tmp directory into another. If you do not know on what good, or use the default bar;
If you change the parameters here, do not forget to modify the Apache configuration file parameters on mod_evasive of;
If you want to add some other parameters, please refer to the source package in the README, which are described in detail, most of it is not much need ......
This document is very important, if you want to change certain settings, it is necessary to amend this document ......
4, on paper;
mod_evasive still somewhat useful, not effortless installation. If you need them, whether ...... mod_evasive think of this module are more advanced usage, nor is it in this article I can say clearly. If you do not know how to do? Check the source package in the README.
Right herein as the software ......
North-South record of
From LinuxSir.Org
5, reference documentation;
Reference source packet mod_evasive the README ......
6, related documents;
Reproduced in: https: //www.cnblogs.com/licheng/archive/2008/01/23/1050085.html