The Server Pages

»

TheServerPages Articles

»

Servers

»

Linux

»

Apache

mod dosevasive Apache Module How-To

Author: Wojjie     Posted: 2004-08-06     Viewed: 49,287

Directions:
1. Download the newest version of the module from: http://www.nuclearelephant.com/projects/dosevasive/

2. Extract the module.

Ie. (replace the 1.9 with the version you downloaded)
tar -xzvf mod_dosevasive.1.9.tar.gz

3. Change directories so you are inside the mod_dosevasive directory.
cd mod_dosevasive

4. If you are running Apache v1.3, you run: [path to apache]/bin/apxs -i -a -c mod_dosevasive.c

Ie.
/usr/local/apache/bin/apxs -i -a -c mod_dosevasive.c

If you are running Apache v2.0, you run: [path to apache]/bin/apxs -i -a -c mod_dosevasive20.c

Ie.
/usr/local/apache/bin/apxs -i -a -c mod_dosevasive20.c

5. Restart apache.

Ie.
/etc/init.d/httpd restart


Configuration:

This section is intend for people that want to tweak some of the default settings to their own. You are not required to do this.

First you have to add the following section to your httpd.conf
(Ie. /etc/httpd/conf/httpd.conf):

For Apache v1.3:
<IfModule mod_dosevasive.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
</IfModule>
For Apache v2.0:
<IfModule mod_dosevasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
</IfModule>
The above are the default options that are setup (even if you do not have this section in your httpd.conf).



The following is a description of all the settings/variables:

Variable/Option:Description:
DOSHashTableSize Size of the hash table. The greater this setting, the more memory is required for the look up table, but also the faster the look ups are processed. This option will automatically round up to the nearest prime number.
DOSPageCount Number of requests for the same page within the 'DOSPageInterval' interval that will get an IP address added to the blocking list.
DOSSiteCount Same as 'DOSPageCount', but corresponds to the number of requests for a given site, and uses the 'DOSSiteInterval' interval.
DOSPageInterval Interval for the 'DOSPageCount' threshold in second intervals.
DOSSiteInterval Interval for the 'DOSSiteCount' threshold in second intervals.
DOSBlockingPeriod Blocking period in seconds if any of the thresholds are met. The user will recieve a 403 (Forbidden) when blocked, and the timer will be reset each time the site gets hit when the user is still blocked.

Comments

Copyright © 2004-2015: TheServerPages.com