Protect against HTTP DoS attacks with mod_dosevasive

mod_dosevasive is an evasive maneuvers module for Apache that takes evasive action in the event of an HTTP DoS, DDoS, or brute-force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, etc. mod_dosevasive presently reports abuses via email and syslog facilities.

The steps below were used to install mod_dosevasive on Apache 2.

  1. Installation:
    • Check that you have the httpd-devel package installed, as you will need apxs.
    • Download mod_dosevasive.
    • Unpack it and run `apxs -i -a -c mod_dosevasive20.c` in the corresponding folder.
    • Check the httpd.conf file for the line "LoadModule dosevasive20_module modules/mod_dosevasive20.so".
    • Restart Apache.
  2. Configuration:
    • mod_dosevasive has default options configured, but you may also add the
      following block to your httpd.conf:
           <IfModule mod_dosevasive20.c>
            DOSHashTableSize    3097
            DOSPageCount        2
            DOSSiteCount        50
            DOSPageInterval     1
            DOSSiteInterval     1
            DOSBlockingPeriod   10
           </IfModule>
           
    • Optionally, you can also add the following directives:
           DOSEmailNotify      you@yourdomain.com
           DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
           DOSLogDir           "/var/lock/mod_dosevasive"
           
  3. Test:
    • Test using the provided test.pl script.
    • By default, "/tmp" is used for the locking mechanism; set DOSLogDir (above) to use a different directory.

Check the included README file for more info...
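
To preview which clients the thresholds in step 2 would block before enabling them, the following added example (not part of mod_dosevasive or the original page) replays a request list against those values. The counting is a simplified fixed-window model and an assumption about the module's behaviour; the addresses and URIs are constructed sample data.

```python
from collections import defaultdict

# Threshold values copied from the <IfModule> block on this page.
CONF = {"DOSPageCount": 2, "DOSPageInterval": 1,
        "DOSSiteCount": 50, "DOSSiteInterval": 1,
        "DOSBlockingPeriod": 10}

def simulate(requests, conf=CONF):
    """Replay (epoch_seconds, client_ip, uri) tuples, sorted by time.

    Simplified fixed-window model (an assumption, not the module's code):
    a client is blocked once it exceeds either count inside its interval,
    and a request made while blocked restarts the blocking period.
    Returns {client_ip: [(block_start, block_end), ...]}.
    """
    page, site = {}, {}            # (ip, uri) / ip -> [window_start, hits]
    blocked_until = {}
    blocks = defaultdict(list)
    for ts, ip, uri in requests:
        if blocked_until.get(ip, 0) > ts:
            blocked_until[ip] = ts + conf["DOSBlockingPeriod"]
            blocks[ip][-1] = (blocks[ip][-1][0], blocked_until[ip])
            continue
        over = False
        for table, key, limit, interval in (
                (page, (ip, uri), conf["DOSPageCount"], conf["DOSPageInterval"]),
                (site, ip, conf["DOSSiteCount"], conf["DOSSiteInterval"])):
            window = table.get(key)
            if window is None or ts - window[0] >= interval:
                window = table[key] = [ts, 0]   # start a new counting window
            window[1] += 1
            over = over or window[1] > limit
        if over:
            blocked_until[ip] = ts + conf["DOSBlockingPeriod"]
            blocks[ip].append((ts, blocked_until[ip]))
    return dict(blocks)

# Constructed sample traffic (documentation-range addresses, made-up URIs).
SAMPLE = sorted(
    [(100, "203.0.113.5", "/login")] * 3          # same URI 3x in one second
    + [(105, "203.0.113.5", "/login")]            # retry while still blocked
    + [(100, "198.51.100.7", u) for u in ("/", "/style.css", "/logo.png")]
    + [(200, "192.0.2.9", f"/img/{i}.png") for i in range(51)],  # 51 hits/s
    key=lambda r: r[0])

if __name__ == "__main__":
    for ip, spans in simulate(SAMPLE).items():
        print(ip, spans)
```

With DOSPageCount at 2, a page that loads the same URI three times within a second (for example a retried form post) is enough to trigger a block, so replay real traffic through a model like this before settling on values.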
