Kompilera mod_evasive för Apache 2 på Mac OS X 10.5 Leopard Server

Tråden skapades och har fått 1 svar. Det senaste inlägget skrevs .

Tillägget mod_evasive för Apache 1.3 och 2.0 ger dig extra skydd mot DoS [Denial of Service] attacker när en person/server laddar enormt många sidor parallellt för att sänka tjänsten/tjänsterna.

Ursprungligen av Jonathan A. Zdziarski:

mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
Requesting the same page more than a few times per second
Making more than 50 concurrent requests on the same child per second
Making any requests while temporarily blacklisted (on a blocking list)

Information om mod_evasive:
Nuclear Elephant: mod_evasive

1. Ladda ner mod_evasive källkod:

2. Packa upp och gå till mappen.

3. Allt som behövs är ett kommando (specialanpassat för 10.5 och Intel QuadCore):

apxs -cia -Wc,"-arch x86_64" -Wl,"-arch x86x64" mod_evasive20.c

Sen är modulen kompilerad och installerad.

4. Lägg till följande i httpd.conf som ligger i /etc/apache2/

<IfModule mod_evasive20.c>
DOSPageCount 2
DOSPageInterval 1
DOSSiteCount 50
DOSSiteInterval 1
DOSBlockingPeriod 10

Förklaring till ovanstående:

Simply put: "If any client makes more than two requests for a single URL per second, blacklist them for 10 seconds; if any client makes more than 50 requests total per second, blacklist them for 10 seconds."

Additional requests during the blacklist period add another 10 seconds. DOSSiteCount is higher to accommodate media files; loading this single page has caused your browser to make seven separate requests to my server, for example, and many pages are more complex than that. But nobody has a legitimate reason to make multiple requests for the same resource more than once per second. Not with my sites, anyway.

When blacklisting is triggered, mod_evasive can send a notification email, write to a logfile, and/or pass the IP to a script for further processing (e.g adding the IP to firewall rules).

För sajten bestående av väldigt många element kan man även använda:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600


Skulle vilja veta vilket kommando man använder för Mac OS X 10.6 Client.

Tack på förhand :-).

Bevaka tråden