Debian系统上apache2 对应Ddos攻击的mod_...

on 2011-9-15 in web服务器 | 0 Comment
Prevent DOS attacks on apache webserver for DEBIAN linux with mod_evasiveThe following guide explains the installation of the apache module "mod_evasive". Mod_evasive tracks the number of requests of files at the apache webserver and blocks the delivery in case that a certain limit has been reached.
Installationapt-get install libapache2-mod-evasive
Create the log directory for mod_evasive
mkdir -p /var/log/apache2/evasivechown -R www-data:root /var/log/apache2/evasive
Now we add the configuration for the module at the end of the file /etc/apache2/mods-available/mod-evasive.load
vi /etc/apache2/mods-available/mod-evasive.load
so that it looks like this:
LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so<IfModule mod_evasive20.c> DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 5 DOSSiteInterval 1 DOSBlockingPeriod 10 DOSLogDir "/var/log/apache2/evasive" </IfModule>
DOSHashTableSize處理記憶體的大小,需根據網站流量狀況來設定,流量越大,此值就需要越大。DOSPageCount在DOSPageInterval所設定的時間區段中,同一個來源 IP 存取同一個頁面的最大存取次數。DOSSiteCount在DOSSiteInterval所設定的時間區段中,同一個來源 IP 可同時發出 HTTP 存取的最大次數。DOSPageInterval設定 DOSPageCount 的時間區段,以秒為單位。DOSSiteInterval設定 DOSSiteCount 的時間區段,以秒為單位。DOSBlockingPeriod當某一IP違反上述的DOSPageCount/DOSPageInterval或DOSSiteCount/DOSSiteInterval,將被block的秒數DOSmailNotify管理者的 Email 位址,當有IP被block時,即會寄發警告信至此信箱中。DOSSystemCommand當發現有疑似攻擊,即需自動執行的指令。DOSLogdirmod_evasive 的Log檔位置,如果沒設定此值,預設存放 Log 的目錄為 /tmp。當有疑似攻擊時,會在該目錄下新增一個 dos_[ip] 的檔案。and restart apache:
/etc/init.d/apache2 restart
测试
# perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
Tags: 

延伸阅读

最新评论

发表评论