DirectAdmin is a commercial hosting control panel commonly used by overseas hosts. It uses Apache by default, is easy to use, and has comprehensive functions. We can also optimize its performance by adding some modules. Last month, Hao VPS covered adding the mod_cache module. Today we will take a look at another module: mod_evasive.
mod_evasive is an Apache module for defending against DDoS attacks. When a new request arrives, it first checks whether the client IP is in the blacklist. It then hashes the IP and the request URL together and looks up the hash table to see whether the same page has been requested repeatedly within the past 1 second, and looks up the hash table again to see whether the client has made more than XX requests in the past 1 second. If any one of these conditions is met, 403 is returned and the IP is blocked for a certain period of time, which is determined by DOSBlockingPeriod. Next, let's take a look at how to install and configure mod_evasive.
********☆☆☆Installation☆☆☆********
Log in to the server via SSH as the root account and run the following commands in sequence.
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz # Download the source code
tar zxvf mod_evasive_1.10.1.tar.gz # Decompress
cd mod_evasive # Enter the directory
/usr/sbin/apxs -i -a -c mod_evasive20.c # Build and install (note that the Apache version on our DA panel is 2.*)
OK, after doing the above, mod_evasive has been installed correctly.
********☆☆☆Configuration☆☆☆********
At this point, the mod_evasive module has been installed and automatically added to httpd.conf. Open /etc/httpd/conf/httpd.conf and you should see the following line:
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so
Next, we configure mod_evasive.
Edit the httpd-evasive.conf file and add the rules. Over SSH, run:
vim /etc/httpd/conf/extra/httpd-evasive.conf
Add the following:
<IfModule mod_evasive20.c>
# Size of the hash table.
DOSHashTableSize 3097
# Requests allowed per client across the whole site within DOSSiteInterval.
DOSSiteCount 50
# Requests allowed per client for the same page within DOSPageInterval.
DOSPageCount 2
# Page access counter interval, in seconds.
DOSPageInterval 1
# Site-wide access counter interval, in seconds.
DOSSiteInterval 1
# Seconds to deny access after an IP joins the blacklist.
DOSBlockingPeriod 3600
# Address notified when an IP is blacklisted (placeholder; use your own).
DOSEmailNotify admin@example.com
# System command run when an IP is blacklisted (%s is the IP).
DOSSystemCommand "sudo iptables -A INPUT -s %s -j DROP"
# Lock file directory; one owned by the Apache user is safer than /tmp.
DOSLogDir "/tmp"
# Whitelisted IPs are never blocked.
DOSWhiteList 127.0.0.1
</IfModule>
Then, save the rules and exit.
Finally, restart httpd.
service httpd restart # or: /etc/init.d/httpd restart
Now, our Apache has added the mod_evasive module.
There is a test script, test.pl, in the mod_evasive archive. You can modify it and use it to test whether the module is working.
perl test.pl # Test
The above parameters are for reference only. The mod_evasive module also has some advanced functions. We look forward to your discussion. This article uses the DirectAdmin panel as an example. If other environments use the Apache engine, this module can also be installed.
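To see how the sample thresholds behave before applying them to a live site, here is an added example (not code from this article or from mod_evasive itself): a simplified Python model of the checks described at the top, replayed over constructed requests. The class and function names are hypothetical, and the model blocks as soon as a client exceeds a count within its interval, so the module's exact boundary may differ.

```python
# Simplified model of the checks described above; not mod_evasive's source.
# Thresholds mirror the sample configuration on this page.
PAGE_COUNT, PAGE_INTERVAL = 2, 1      # DOSPageCount, DOSPageInterval
SITE_COUNT, SITE_INTERVAL = 50, 1     # DOSSiteCount, DOSSiteInterval
BLOCKING_PERIOD = 3600                # DOSBlockingPeriod
WHITELIST = {"127.0.0.1"}             # DOSWhiteList

class EvasiveModel:
    def __init__(self):
        self.hits = {}      # key -> (window_start, count)
        self.blocked = {}   # ip -> time of the last blocked request

    def _over_limit(self, key, now, limit, interval):
        start, count = self.hits.get(key, (now, 0))
        if now - start >= interval:          # window expired: start a new one
            start, count = now, 0
        count += 1
        self.hits[key] = (start, count)
        return count > limit

    def request(self, ip, uri, now):
        """Return the HTTP status the client would see at time `now` (seconds)."""
        if ip in WHITELIST:
            return 200
        last = self.blocked.get(ip)
        if last is not None and now - last < BLOCKING_PERIOD:
            self.blocked[ip] = now           # repeat requests restart the timer
            return 403
        page = self._over_limit((ip, uri), now, PAGE_COUNT, PAGE_INTERVAL)
        site = self._over_limit((ip,), now, SITE_COUNT, SITE_INTERVAL)
        if page or site:
            self.blocked[ip] = now
            return 403
        return 200

def replay(requests):
    """Run (ip, uri, time) tuples through a fresh model; return the statuses."""
    model = EvasiveModel()
    return [model.request(ip, uri, t) for ip, uri, t in requests]

# Constructed traffic: one client reloads a page three times in one second,
# comes back while blocked, then returns after the block has expired.
SAMPLE = [("203.0.113.7", "/index.php", 0.0), ("203.0.113.7", "/index.php", 0.3),
          ("203.0.113.7", "/index.php", 0.6), ("203.0.113.7", "/about", 1800.0),
          ("203.0.113.7", "/about", 5401.0), ("127.0.0.1", "/index.php", 5402.0)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

In this model, the third reload within one second triggers the block, and the request at 1800 seconds restarts the 3600-second timer, so the client is only served again after 5400 seconds.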
