Image

Knowledge base → Protecting Apache from Flood attacks

[Virtual servers]
Date of publication: 27.01.2023

There is a so-called slow reading attack. A post request is made from a large number of IP addresses to some form of the site, with little regularity, unlike a syn attack. These can also be multiple bots that collect information from the site and create an unwanted load. To block bots with this behavior, install the mod_evasive module.

Installation

Connecting the Epel repository

yum install epel-release

then in /etc/yum.repos.d/epel.repo you need to enable it, enabled=1

yum install mod_evasive

Settings

Let's open the configuration file, usually here /etc/httpd/conf.d/mod_evasive.conf and change the settings, since by default it is very sensitive and can block ordinary clients.

DOSHashTableSize 3097
DOSPageCount 10
DOSSiteCount 80
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 300
DOSEmailNotify user@domain.tld
DOSLogDir "/var/log/mod_evasive"
DOSWhitelist 127.0.0.1

Now you need to restart the apache service with the command

service httpd restart




No Comments Yet