Apache2 : Configure mod_evasive2023/07/04 |
Enable mod_evasive module to defend from DoS attacks and so on.
|
|
[1] | Install and configure mod_evasive. |
root@www:~#
apt -y install libapache2-mod-evasive
root@www:~#
vi /etc/apache2/mods-available/evasive.conf # uncomment each line to configure <IfModule mod_evasive20.c> # hash table size DOSHashTableSize 3097 # threshold for the number of requests for the same page per page interval DOSPageCount 2 # threshold for the total number of requests for any object by the same client on the same listener per site interval DOSSiteCount 50 # the interval for the page count threshold DOSPageInterval 1 # the interval for the site count threshold DOSSiteInterval 1 # amount of time (in seconds) that a client will be blocked for if they are added to the blocking list DOSBlockingPeriod 10 # uncomment and configure follows if you need # notification address if IP address becomes blacklisted #DOSEmailNotify root@localhost # possible to set any command #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'" # log directory #DOSLogDir "/var/log/mod_evasive" </IfModule>root@www:~# mkdir /var/log/mod_evasive root@www:~# chown www-data:www-data /var/log/mod_evasive root@www:~# systemctl reload apache2 |
[2] | Test to access to Apache2. |
root@www:~# for ((i=1; i <= 20; i++)); do curl -I localhost; done
.....
.....
HTTP/1.1 200 OK
Date: Tue, 04 Jul 2023 02:10:05 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Mon, 03 Jul 2023 23:32:47 GMT
ETag: "29cd-5ff9d958ee6c0"
Accept-Ranges: bytes
Content-Length: 10701
Vary: Accept-Encoding
Content-Type: text/html
HTTP/1.1 200 OK
Date: Tue, 04 Jul 2023 02:10:05 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Mon, 03 Jul 2023 23:32:47 GMT
ETag: "29cd-5ff9d958ee6c0"
Accept-Ranges: bytes
Content-Length: 10701
Vary: Accept-Encoding
Content-Type: text/html
# turn to "403 Forbidden" if blocked
HTTP/1.1 403 Forbidden
Date: Tue, 04 Jul 2023 02:10:05 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
HTTP/1.1 403 Forbidden
Date: Tue, 04 Jul 2023 02:10:05 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
.....
.....
# if blocked, logs are recorded root@www:~# ll /var/log/mod_evasive total 4 -rw-r--r-- 1 www-data www-data 5 Jul 3 21:14 dos-127.0.0.1 # if set notification, it is sent like follows root@www:~# mail Mail version 8.1.2 01/15/2001. Type ? for help. "/var/mail/root": 1 message 1 unread >U 1 www-data@www.srv. Tue Jul 04 13:16 20/621 & 1 Message 1: From www-data@www.srv.world Tue Jul 04 13:16:38 2023 X-Original-To: root@localhost To: root@localhost MIME-Version: 1.0 Content-Type: text/plain; charset="ANSI_X3.4-1968" Content-Transfer-Encoding: 8bit Date: Tue, 04 Jul 2023 13:16:38 +0900 (JST) From: www-data <www-data@www.srv.world> To: root@localhost Subject: HTTP BLACKLIST 127.0.0.1 mod_evasive HTTP Blacklisted 127.0.0.1 |
Sponsored Link |