Mitigating attacks within the web server itself appears tidy and convenient, but there are limits to what can be accomplished there without incurring excessive load in the process. Let’s set up mod_evasive for that purpose; it can also be integrated with firewalls and routers.
apt-get install apache2-utils
apt-get install libapache2-mod-evasive
Check that the module is loaded:
root@www:~# apache2ctl -M |grep evasive
evasive20_module (shared)
And the config file:
nano /etc/apache2/mods-enabled/evasive.conf
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
#DOSEmailNotify you@yourdomain.com
#DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
DOSLogDir "/var/log/apache2/mod_evasive"
</IfModule>
This is the default config per the GitHub repo, but I think it might be older than dirt, so expect to change it! Also, I am definitely not sending email. DOSSystemCommand is how you integrate with external edge devices so the block happens there rather than on the web server itself; mod_evasive substitutes the offending client IP for %s when it runs the command. I am putting my log in the Debian apache dir. You could use DOSSystemCommand to hit an API at your web host to add IPs to their anti-DDoS system, or probably CloudFlare’s API or a similar external service.
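Here is an added example of the kind of script DOSSystemCommand can call; it is not from the original post or from the mod_evasive project. It assumes a hypothetical install path of /usr/local/sbin/evasive-block and a placeholder blocklist file, and the edge action itself (firewall rule or API call) is left as a commented placeholder. The point it shows is the habit a practitioner wants at this hook: validate the address mod_evasive hands you before it reaches a firewall command or an external API, and make the action idempotent because the module may fire repeatedly for the same client.

```shell
#!/bin/sh
# Added example: a DOSSystemCommand hook that validates the client IP and records it once.
# Assumed (hypothetical) install path: /usr/local/sbin/evasive-block
# Assumed (placeholder) blocklist path, overridable via the environment.
BLOCKLIST="${BLOCKLIST:-/var/lib/mod_evasive/blocklist.txt}"

# is_valid_ipv4: accept only a dotted quad with four octets in 0-255.
# Rejects anything with characters other than digits and dots, empty or
# doubled octets, and leading/trailing dots.
is_valid_ipv4() {
    ip=$1
    case "$ip" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# block_ip: append the address to the blocklist exactly once, then hand it
# to the edge action. Returns 2 (and does nothing) if the address is malformed.
block_ip() {
    ip=$1
    if ! is_valid_ipv4 "$ip"; then
        echo "evasive-block: refusing malformed address: $ip" >&2
        return 2
    fi
    # Idempotent: mod_evasive can invoke the command repeatedly for one client.
    if grep -qxF "$ip" "$BLOCKLIST" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' "$ip" >> "$BLOCKLIST"
    # Edge action goes here (placeholder, intentionally not executed in this example):
    #   nft add element inet filter evasive_block "{ $ip }"
    #   curl -s -X POST "$EDGE_API_URL" -d "ip=$ip"
    return 0
}

# Entry point. In evasive.conf this would be wired up as (hypothetical path):
#   DOSSystemCommand "/usr/local/sbin/evasive-block %s"
# mod_evasive replaces %s with the offending client address.
if [ -n "${1:-}" ]; then
    block_ip "$1"
fi
```

One caveat worth keeping in mind with any edge-blocking hook: if the web server sits behind a reverse proxy or CDN, the address mod_evasive sees is the proxy's, and pushing that to a firewall or upstream API would block the proxy rather than the client, so the real client address has to be established (for example via mod_remoteip) before this kind of integration is useful.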