For smaller scale DDoS attacks, Web Application Firewall (WAF) like Mod Security and Mod Evasive will mitigate DDoS attacks. For larger-scale DDoS attacks, you may need to turn to a professional DDoS mitigation service provider.

1. Install Mod Security Apache Module.

# Install Mod Security
yum install mod_security
# Download the latest OWASP ruleset from the site below.
# http://spiderlabs.github.io/owasp-modsecurity-crs/
tar xfz SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz
# Remove the one that was installed by the binary mod_security package.
rm -rf /etc/httpd/modsecurity.d
mv SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb /etc/httpd/modsecurity.d
# Edit the /etc/httpd/conf.d/mod_security.conf

2. Install mod_evasive Apache Module.

# We are going to build a mod_evasive binary from the source.
yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

# Install mod_evasive.
cd /usr/src
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
tar xzf mod_evasive_1.10.1.tar.gz
cd mod_evasive

# Now, you need to find where apxs is installed.
rpm -ql httpd-devel |grep apxs
# /usr/sbin/apxs  // Output from the command above
/usr/sbin/apxs -cia mod_evasive20.c
#Libraries have been installed in:
#   /usr/lib64/httpd/modules
# Add the following block in the /etc/httpd/conf/httpd.conf
# mod_evasive
<IfModule mod_evasive20.c>
DOSHashTableSize    3097
DOSPageCount        2 
DOSSiteCount        50
DOSPageInterval     1 
DOSSiteInterval     1
DOSBlockingPeriod   60
# If you wish to receive email notification, modify & uncomment below.
#DOSEmailNotify notify@mydomain.com
</IfModule>

# Restart Apache
service httpd restart

Share this post

Comments (0)

    No comment

Leave a comment

All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.


Login To Post Comment