Admins eHow SysAdmin Tips & Tricks

June 4, 2010

Protect Apache against Dos/DDos attacks using mod_evasive

Filed under: Apache,cPanel,Security — Tags: , , , , , , — admin @ 11:21 am

mod_evasive is a module for Apache (both 1.3 and 2.0) giving Apache the ability to detect and fend off request-based DoS/DDoS attacks and brute-force attacks conserving your system resources and bandwidth. This tool can be configured to report abusers and even talk to network gear (such as a firewall or ipchains).

in this article we explain how to install mod_evasive on Apache 2 :

wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
tar zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/usr/local/apache/bin/apxs -cia mod_evasive20.c

next step is to add the required configuration to the Apache config file , we can add this directly to the end of httpd.conf file but the problem is that if we do this , the httpd.conf will be overwritten by easyapache so we will use include files to add our config.
login into your WHM panel , and follow the following menu items :
Main >> Service Configuration >> Apache Configuration >> Include Editor
on the Pre Main Include section , choose All Versions from drop down menu and add the following config into it :

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 600
</IfModule>

then click on update and restart Apache server.

July 14, 2009

Limit Connections per IP using mod_limitipconn on cPanel

Filed under: Apache,CentOS,cPanel,General,Security — Tags: , , , , , , — admin @ 9:41 am

one of the problems I had on one of my cPanel servers was that some people were using download managers to download files from server , so hundreds of connections were being ESTABLISHED to Apache and it was becoming like a dos attack and causing Apache to become non responsive.
so here is what I did to limit connections per IP in a cPanel hosting server :
there is an Apache module named mod_limitipconn which will take care of it for us.
first download the latest version of mod_limitipconn from this site : http://dominia.org/djao/limitipconn2.html
decompress and install it.
at current time the latest version is 0.23.

wget http://dominia.org/djao/limit/mod_limitipconn-0.23.tar.bz2
tar jxvf mod_limitipconn-0.23.tar.bz2
cd mod_limitipconn-0.23
/usr/local/apache/bin/apxs -cia mod_limitipconn.c

next step is to add the required configuration to the Apache config file , we can add this directly to the end of httpd.conf file but the problem is that if we do this , the httpd.conf will be overwritten by easyapache so we will use include files to add our config.
login into your WHM panel , and follow the following menu items :
Main >> Service Configuration >> Apache Configuration >> Include Editor
on the Post VirtualHost Include section , choose All Versions from drop down menu and add the following config into it :

<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 10
NoIPLimit images/*
</Location>
</IfModule>

then click on update and restart Apache server.
now We are all set 🙂

Powered by WordPress