One way to stop one of the more basic attacks on a server is mod_evasive.This how-to will walk though the process of installing and configuring mod_evasive. This apache module will help protect against people sending too many requests to the webserver in an attempt to flood it. If it detects too many connections the offending ip will be blocked from the accessing apache for This is especially useful when the server is continuously getting attacked. With this default configuration it will block the offending ip for 10 minutes. If it continues to try and flood mod_evasive will automatically add more time to this.
**NOTE** This module has been known to cause problems with frontpage server extensions. If you them you should not install this module or just be aware of the fact it might break them.
Follow this section for Apache 1.3.x.
—–command—–
cd /usr/local/src
wget http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/usr/local/apache/bin/apxs -cia mod_evasive.c
—–command—–
If you are adding the is module to apache 1.3.x the following lines need to be added to the httpd.conf below the AddModule section.
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
Now you should restart apache.
—–command—–
service httpd restart
—–command—–
