Mitigate Denial of Service on Apache with mod_evasive

Mitigating attacks within the web server itself appears tidy and convenient, but there are limits to what can be accomplished without incurring excessive load in the process. Let’s set up mod_evasive for that purpose; it can also be integrated with firewalls and routers.

apt-get install apache2-utils
apt-get install libapache2-mod-evasive

Check that the module is loaded:

root@www:~# apache2ctl -M |grep evasive
 evasive20_module (shared)

And the config file:


nano /etc/apache2/mods-enabled/evasive.conf

<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10

    #DOSEmailNotify      [email protected]
    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
    DOSLogDir           "/var/log/apache2/mod_evasive"
</IfModule>

This is the default config per the GitHub but I think it might be older than dirt, so expect to change it! Also, I am definitely not sending email. DOSSystemCommand is how you are going to integrate with external edge devices to block there rather than on the web server itself. I am putting my log in the Debian Apache dir. You could use DOSSystemCommand to hit an API at your web host to add IPs to their anti-DDoS system. Or you could probably use it to hit Cloudflare’s API or a similar external service.
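
One way to wire up DOSSystemCommand, as an added example that is not from the original post or the mod_evasive project: a wrapper script that treats the %s address as untrusted input, skips allowlisted hosts, and adds everything else to an ipset set with a timeout. The script path, the set name evasive_block, the allowlist addresses and the DRY_RUN switch are assumptions; it handles IPv4 only, and the set must already exist and be referenced by a firewall rule.

```shell
#!/bin/sh
# Added example: helper for DOSSystemCommand. mod_evasive replaces %s with the
# blocked client address. Assumed wiring (hypothetical path, needs a sudoers rule):
#   DOSSystemCommand "sudo /usr/local/sbin/evasive-block.sh %s"
SET_NAME="${SET_NAME:-evasive_block}"            # assumed ipset set name
BLOCK_SECS="${BLOCK_SECS:-600}"                  # assumed block duration
ALLOWLIST="${ALLOWLIST:-127.0.0.1 192.0.2.10}"   # constructed sample addresses

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # safe: only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed if the address is one we must never block (monitoring, own proxy).
is_allowlisted() {
    for allowed in $ALLOWLIST; do
        if [ "$1" = "$allowed" ]; then return 0; fi
    done
    return 1
}

# Exit status: 0 = block it, 2 = not a valid address, 3 = allowlisted.
should_block() {
    valid_ipv4 "$1" || { echo "rejected argument" >&2; return 2; }
    if is_allowlisted "$1"; then echo "allowlisted: $1" >&2; return 3; fi
    return 0
}

main() {
    should_block "$1" || exit $?
    if [ "${DRY_RUN:-1}" = 1 ]; then           # dry run by default in this example
        echo "would run: ipset -exist add $SET_NAME $1 timeout $BLOCK_SECS"
    else
        ipset -exist add "$SET_NAME" "$1" timeout "$BLOCK_SECS"
    fi
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Run it by hand with a test address first; it only touches ipset when DRY_RUN is set to something other than 1.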