Ubuntu 16.04
Sponsored Link

mod_evasive Settings2016/06/15

 
Enable mod_evasive module to defend from DoS attacks and so on.
[1] Install and Configure mod_evasive.
root@www:~#
apt-get -y install libapache2-mod-evasive
root@www:~#
a2enmod evasive

root@www:~#
vi /etc/apache2/mods-enabled/evasive.conf
# line 3: threshhold for the number of requests for the same page per page interval

DOSPageCount  
5
# line 4: threshhold for the total number of requests for any object by the same client on the same listener per site interval

DOSSiteCount  
50
# line 5: The interval for the page count threshhold

DOSPageInterval  
1
# line 6: The interval for the site count threshhold

DOSSiteInterval  
1
# line 7: amount of time (in seconds) that a client will be blocked for if they are added to the blocking list

DOSBlockingPeriod  
300
# line 9: notification address if IP address becomes blacklisted

DOSEmailNotify  
root@localhost
# line 11: specify log directory

DOSLogDir   "
/var/log/mod_evasive
"
root@www:~#
mkdir /var/log/mod_evasive

root@www:~#
chown www-data /var/log/mod_evasive

root@www:~#
systemctl restart apache2
[2] Test with a test tool which is included in RPM package.
root@www:~#
perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl

HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
.....
.....
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
.....
.....
HTTP/1.1 403 Forbidden

# turn to "403 Forbidden" if blocked

# logs are saved

root@www:~#
ll /var/log/mod_evasive

total 12
-rw-r--r--  1 www-data www-data    5 Jun 16 14:36 dos-127.0.0.1

# if set notification, it is sent like follows

From www-data@www.srv.world  Thu Jun 15 19:36:03 2016
X-Original-To: root@localhost
To: root@localhost
Date: Thu, 16 Jun 2016 14:36:03 +0900 (JST)
From: www-data@www.srv.world (www-data)

To: root@localhost
Subject: HTTP BLACKLIST 127.0.0.1

mod_evasive HTTP Blacklisted 127.0.0.1
Matched Content