Mod-Evasive and Ubuntu 10.04 LTS

What is mod_evasive?
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.
Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

Requesting the same page more than a few times per second

Making more than 50 concurrent requests on the same child per second

Making any requests while temporarily blacklisted (on a blocking list)

Installation

apt-get install libapache2-mod-evasive mkdir /var/log/apache2/mod_evasive chown www-data:www-data /var/log/apache2/mod_evasive

Configuration

Create a new file

vi /etc/apache2/conf.d/01_modevasive.conf

with this content

<ifmodule mod_evasive20.c>  DOSHashTableSize 3097  DOSPageCount 2  DOSSiteCount 50  DOSPageInterval 1  DOSSiteInterval 1  DOSBlockingPeriod 10  DOSLogDir /var/log/apache2/mod_evasive  DOSEmailNotify [email protected]  DOSWhitelist 127.0.0.1 </ifmodule>

Restart Apache to activate the new module

/etc/init.d/apache2 restart

Documentation

DOSHashTableSize: Size of the hash table used to store the IPs.
DOSPageCount: Number of pages allowed per DOSPageInterval.
DOSPageInterval: Time in seconds used by DOSPageCount.
DOSSiteCount: Number of objects allowed per DOSSiteInterval.
DOSSiteInterval: Time in seconds used by DOSSiteCount.
DOSBlockingPeriod: Time in seconds that IPs will be banned. If an IP tries to access the server within this period, the count will be restarted.
DOSLogDir: Optional. Directory to store the logs. If not specified, /tmp will be used.
DOSEmailNotify: Optional. Mail where notifications will be sent.

DOSSystemCommand: is Optional. Command to execute if an IP is blocked. For example using iptables:

DOSSystemCommand "/sbin/iptables -I INPUT -p tcp --dport 80 -s %s -j DROP"

Featured

Swifi won Trust Square biggest blockchain Hackathon #SBHACK21

Featured

Install MongoDB High Availability on Microsoft Azure

Install RabbitMQ on Microsoft Azure

Accessing Git and Nexus with custom SSL certificates

m-Clippy WON Migros Category prize in Europe's Biggest Hackathon Hack Zurich 2020

Featured

Special 35th Anniversary Super Mario Bros edition Game & Watch console available on Nov. 13 for 60$

Featured

A Passive Cooling for Raspberry Pi 4

Ninebot KickScooter MAX G30D

Cryptocurrency monitor with Unicorn HAT

Bitcoin, Ethereum price Monitoring on your raspberry Pi

Featured

DJI Fpv speed racing drone RC Quadcopter FPV

Featured

Enable 1200 mw Mode on DJI FPV System

Enable FCC Mode on DJI FPV System (700mw 8 Channels)

Armattan Marmotte 5 DJI Edition

Must Have DJI FPV System Accessories and Upgrade Parts

Featured

Lake Zürich

Featured

Grimsel Pass

Furka Pass

Susten Pass

Little India in Singapore

Installation

Configuration

Documentation

Categories

Featured

Swifi won Trust Square biggest blockchain Hackathon #SBHACK21

Featured

Install MongoDB High Availability on Microsoft Azure

Featured

Special 35th Anniversary Super Mario Bros edition Game & Watch console available on Nov. 13 for 60$

Featured

A Passive Cooling for Raspberry Pi 4

Featured

DJI Fpv speed racing drone RC Quadcopter FPV

Featured

Enable 1200 mw Mode on DJI FPV System

Featured

Lake Zürich

Featured

Grimsel Pass

Mod-Evasive and Ubuntu 10.04 LTS

Installation

Configuration

Documentation

Related Posts

Categories

Tags