How to mitigate DDoS attacks with mod_security and mod_evasive on CentOS 6?

For smaller-scale DDoS attacks, a Web Application Firewall (WAF) like Mod Security and Mod Evasive will mitigate the attack. For larger-scale DDoS attacks, you may need to turn to a professional DDoS mitigation service provider.

1. Install Mod Security Apache Module.

# Install Mod Security
yum install mod_security
# Download latest OWASP ruleset from the site below.
# http://spiderlabs.github.io/owasp-modsecurity-crs/
tar xfz SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz
# Remove the one that was installed by the binary mod_security package.
rm -rf /etc/httpd/modsecurity.d
mv SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb /etc/httpd/modsecurity.d
# Edit the /etc/httpd/conf.d/mod_security.conf

2. Install mod_evasive Apache Module.

# We are going to build mod_evasive binary from the source.
yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

# Install mod_evasive.
cd /usr/src
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
tar xzf mod_evasive_1.10.1.tar.gz
cd mod_evasive

# Now, you need to find where apxs is installed.
rpm -ql httpd-devel |grep apxs
# Output from the command above: /usr/sbin/apxs
/usr/sbin/apxs -cia mod_evasive20.c
# Libraries have been installed in:
#   /usr/lib64/httpd/modules
# Add the following block in the /etc/httpd/conf/httpd.conf
# mod_evasive
<IfModule mod_evasive20.c>
DOSHashTableSize    3097
DOSPageCount        2 
DOSSiteCount        50
DOSPageInterval     1 
DOSSiteInterval     1
DOSBlockingPeriod   60
# If you wish to receive email notifications, modify and uncomment the line below
# (you@example.com is a placeholder address).
#DOSEmailNotify you@example.com
</IfModule>

# Restart Apache
service httpd restart
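
Before relying on these thresholds, it helps to see which clients in an existing access log would have exceeded them. The script below is an added example, not part of the original post or of mod_evasive: it approximates the DOSPageCount and DOSSiteCount checks by counting requests per client per clock second (matching the 1-second intervals above), and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview which clients would exceed the thresholds configured above.
# Approximation: counts per client per clock second, not mod_evasive's exact bookkeeping.
PAGE_COUNT=2    # DOSPageCount (same URI, DOSPageInterval 1)
SITE_COUNT=50   # DOSSiteCount (any URI, DOSSiteInterval 1)

# Reads Apache common/combined log lines on stdin.
# Prints "<ip> page|site <peak requests in one second>" for each offender.
evasive_preview() {
    awk -v pc="$PAGE_COUNT" -v sc="$SITE_COUNT" '
    {
        ip = $1; uri = $7
        ts = $4; sub(/^\[/, "", ts)          # 10/Oct/2014:13:55:36
        page[ip SUBSEP ts SUBSEP uri]++
        site[ip SUBSEP ts]++
    }
    END {
        for (k in page) {
            split(k, f, SUBSEP)
            if (page[k] > pc && page[k] > pmax[f[1]]) pmax[f[1]] = page[k]
        }
        for (k in site) {
            split(k, f, SUBSEP)
            if (site[k] > sc && site[k] > smax[f[1]]) smax[f[1]] = site[k]
        }
        for (ip in pmax) print ip, "page", pmax[ip]
        for (ip in smax) print ip, "site", smax[ip]
    }' | sort
}

# Constructed sample log (documentation-range addresses, made-up URIs).
sample_log() {
    for n in 1 2 3; do      # 3 hits on one URI in one second -> over DOSPageCount
        echo '192.0.2.10 - - [10/Oct/2014:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512'
    done
    # Normal browsing: different URIs, spread over two seconds -> not flagged
    echo '198.51.100.7 - - [10/Oct/2014:13:55:36 +0000] "GET /a HTTP/1.1" 200 512'
    echo '198.51.100.7 - - [10/Oct/2014:13:55:36 +0000] "GET /b HTTP/1.1" 200 512'
    echo '198.51.100.7 - - [10/Oct/2014:13:55:37 +0000] "GET /a HTTP/1.1" 200 512'
    n=1
    while [ "$n" -le 51 ]; do   # 51 distinct URIs in one second -> over DOSSiteCount
        echo "203.0.113.5 - - [10/Oct/2014:13:55:40 +0000] \"GET /img/$n.png HTTP/1.1\" 200 512"
        n=$((n + 1))
    done
}

sample_log | evasive_preview
# Against a real log: evasive_preview < /var/log/httpd/access_log
```

In this approximation a client that requests the same URI three times within one second is already over DOSPageCount 2, so check the output against normal traffic before trusting the 403 responses.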
