
Apache — Installing the mod_evasive module to defend against DDoS attacks

April 19, 2013 ⁄ General

Original article: http://www.mydigitallife.info/2007/08/15/install-mod_evasive-for-apache-to-prevent-ddos-attacks/

 

 

mod_evasive, formerly known as mod_dosevasive, is an Apache module
that provides evasive action in the event of an HTTP DoS or DDoS
(Denial of Service) attack or a brute-force attack against the web
server. When a possible attack is detected, mod_evasive blocks traffic
from the source for a specific duration of time, while reporting the
abuse via email and syslog facilities. Administrators can also
configure mod_evasive to talk to iptables, ipchains, firewalls,
routers, etc. to build a comprehensive DDoS prevention system for a
busy, high-traffic web server.

Although mod_evasive is not a foolproof and complete DoS prevention
system, installing the mod_evasive module for Apache is likely to
reduce and stop certain DDoS attacks, minimizing the risk of web hosts
and web sites being brought down and made inaccessible by malicious
denial-of-service attempts.

How to Install mod_evasive

  1. Log in to the web server via SSH.
  2. For Apache 2.0.x, execute the following command:

    up2date -i httpd-devel

  3. Continue with the following commands one by one for all versions of
    Apache HTTPD server. The wget command will download the current stable
    version 1.10.1 source tarball.

    cd /usr/local/src
    wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
    tar -zxvf mod_evasive_1.10.1.tar.gz
    cd mod_evasive

  4. For Apache 2.0.x, execute the following command:

    /usr/sbin/apxs -cia mod_evasive20.c

    Otherwise, for Apache 1.3.x:

    /usr/local/apache/bin/apxs -cia mod_evasive.c

    The above commands compile mod_evasive to a .so file and then add the
    corresponding AddModule and LoadModule lines to httpd.conf.

  5. mod_evasive comes with default configuration values preset;
    however, webmasters who want to set the values themselves must add
    the following parameters to the httpd.conf Apache configuration
    file, below the AddModule section.

    For Apache 2.0.x, add the following text to httpd.conf below AddModule section:

    <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 100
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 600
    </IfModule>

    For Apache 1.3.x, add the following text to httpd.conf below AddModule section:

    <IfModule mod_evasive.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 100
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 600
    </IfModule>

    Save and exit the httpd.conf Apache configuration file.

  6. Restart the Apache server with the following command:

    /etc/init.d/httpd restart

Note: If apxs is not found, it can be installed via “yum install httpd-devel” command.

Installation is complete. Note that mod_evasive has known issues
with FrontPage Server Extensions. Administrators can tune the
variables, for example enlarging DOSHashTableSize, especially on a busy
server. Note that whenever a blocked source attempts to connect again,
the blocking duration is automatically extended, so DOSBlockingPeriod
does not need to be very long. In addition, blocking is tracked per
Apache child process session, so a block lasts only for the lifespan of
that particular session. If the webmaster sets the maximum clients per
process to a very low value, the blocking may not be very effective.
Definitions of all mod_evasive directives can be found in the README
file that comes with the source code.
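
The threshold, block-extension and per-child behaviour described above can be seen in a small model. This is an added example, not code from mod_evasive or the original article: the `ChildProcess` class, the `replay` helper, the exact threshold boundary and the round-robin spread of requests over children are assumptions, and the traffic is constructed.

```python
# Simplified model of mod_evasive's counters (added example, not the module's code).
# Thresholds are the values from the <IfModule> block on this page.
CFG = {"DOSPageCount": 5, "DOSPageInterval": 1, "DOSSiteCount": 100,
       "DOSSiteInterval": 1, "DOSBlockingPeriod": 600}

class ChildProcess:
    """State held by one Apache child; each child counts independently."""

    def __init__(self, cfg=CFG):
        self.cfg = cfg
        self.hits = {}     # (ip, uri or "*site*") -> [last_seen, count]
        self.blocked = {}  # ip -> time of the most recent blocked request

    def _exceeded(self, key, now, limit, interval):
        last_seen, count = self.hits.get(key, (now, 0))
        if now - last_seen >= interval:
            count = 0                  # quiet for a full interval: start over
        self.hits[key] = [now, count + 1]
        return count >= limit          # assumption: request limit+1 trips it

    def request(self, ip, uri, now):
        """Return the HTTP status this child would give the request."""
        c = self.cfg
        since = self.blocked.get(ip)
        if since is not None and now - since < c["DOSBlockingPeriod"]:
            self.blocked[ip] = now     # every retry restarts the block timer
            return 403
        page = self._exceeded((ip, uri), now, c["DOSPageCount"], c["DOSPageInterval"])
        site = self._exceeded((ip, "*site*"), now, c["DOSSiteCount"], c["DOSSiteInterval"])
        if page or site:
            self.blocked[ip] = now
            return 403
        return 200

def replay(requests, children=1):
    """Replay (time, ip, uri) tuples, spread round-robin over the children."""
    pool = [ChildProcess() for _ in range(children)]
    return [pool[i % children].request(ip, uri, t)
            for i, (t, ip, uri) in enumerate(requests)]

# Constructed traffic: 6 hits on one page in one second, then later retries.
BURST = [(0, "198.51.100.7", "/login")] * 6
RETRIES = [(300, "198.51.100.7", "/"), (700, "198.51.100.7", "/"),
           (1300, "198.51.100.7", "/")]

if __name__ == "__main__":
    print(replay(BURST + RETRIES))     # one child
    print(replay(BURST, children=2))   # same burst seen by two children
```

With one child, the sixth request is refused and the retries at 300 s and 700 s each restart the 600-second timer, so the source is only served again at 1300 s. Spread over two children, no single counter reaches DOSPageCount, which is why low per-process client limits weaken the blocking.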

Other than above common configuration parameters, mod_evasive also supports the following three advanced directives:

DOSEmailNotify users@example.com
DOSSystemCommand "su - someuser -c '/sbin/… %s …'"
DOSLogDir "/var/lock/mod_evasive"

DOSEmailNotify is particularly useful: you can set mod_evasive to
send a notification email whenever a possible DoS attack is detected
and blocked. For example, “DOSEmailNotify root” will send the email to
the root user. Make sure that the mailer configuration in mod_evasive.c
or mod_evasive20.c (by default “/bin/mail -t %s”) is correct. If
needed, you can create a symbolic link or modify the source code file.

 

 

 

[root@LSN-D3219 mod_evasive]# /usr/local/apache2/bin/apxs
Usage: apxs -g [-S <var>=<val>] -n <modname>
       apxs -q [-S <var>=<val>] <query> ...
       apxs -c [-S <var>=<val>] [-o <dsofile>] [-D <name>[=<value>]]
               [-I <incdir>] [-L <libdir>] [-l <libname>] [-Wc,<flags>]
               [-Wl,<flags>] [-p] <files> ...
       apxs -i [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
       apxs -e [-S <var>=<val>] [-a] [-A] [-n <modname>] <dsofile> ...
[root@LSN-D3219 mod_evasive]# /usr/local/apache2/bin/apxs -cia mod_evasive
mod_evasive20.c     mod_evasive.c       mod_evasiveNSAPI.c
[root@LSN-D3219 mod_evasive]# /usr/local/apache2/bin/apxs -cia mod_evasive20.c
/usr/local/apache2/build/libtool --silent --mode=compile gcc -prefer-pic   -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache2/include  -I/usr/local/apache2/include   -I/usr/local/apache2/include   -c -o mod_evasive20.lo mod_evasive20.c && touch mod_evasive20.slo
/usr/local/apache2/build/libtool --silent --mode=link gcc -o mod_evasive20.la  -rpath /usr/local/apache2/modules -module -avoid-version    mod_evasive20.lo
/usr/local/apache2/build/instdso.sh SH_LIBTOOL='/usr/local/apache2/build/libtool' mod_evasive20.la /usr/local/apache2/modules
/usr/local/apache2/build/libtool --mode=install cp mod_evasive20.la /usr/local/apache2/modules/
cp .libs/mod_evasive20.so /usr/local/apache2/modules/mod_evasive20.so
cp .libs/mod_evasive20.lai /usr/local/apache2/modules/mod_evasive20.la
cp .libs/mod_evasive20.a /usr/local/apache2/modules/mod_evasive20.a
chmod 644 /usr/local/apache2/modules/mod_evasive20.a
ranlib /usr/local/apache2/modules/mod_evasive20.a
PATH="$PATH:/sbin" ldconfig -n /usr/local/apache2/modules
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/local/apache2/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/local/apache2/modules/mod_evasive20.so
[activating module `evasive20' in /usr/local/apache2/conf/httpd.conf]
