Protect Apache WebServer From DDOS with mod_evasive
Sunday, October 12th, 2008 | Author: Rock

What is Apache?

The Apache HTTP Web Server, which we all know as Apache, is one of the world’s most widely used Web servers. It is very popular because of its strong security features, outstanding performance & the fact that it does not cost us anything. It has comprehensive support for, and is most recommended with, MySQL & the PHP/Perl/Python (and now also Ruby) programming languages.

It’s available for all flavours of Unix (GNU/Linux & UNIX systems), Microsoft Windows and other operating systems as well, for example Linux distros such as RedHat, SuSe, Debian, CentOs, Gentoo, Mandrake, Fedora, etc. Apache is used to serve both dynamic content & static Web pages on the Internet. Some web applications are developed expecting the features & environment that Apache provides. It is one of the most basic features in the hosting world: it is what allows your website to be seen by the world.

What is a DDoS attack?

A Denial-Of-Service attack (DoS attack) or Distributed Denial-Of-Service attack (DDoS attack) is nothing but an attempt to make a domain name or a computer resource unavailable to its users by sending mass packets to it. Perpetrators of DoS attacks like to target domains/sites/hosts or services hosted with high profile webhosting servers such as credit card payment gateways, banks, & even root nameservers.

The most common method of attack involves saturating the target (victim) machine with external communication requests, such that legitimate traffic either gets no response or gets one so slowly that the service is effectively unavailable.

In general terms, DoS attacks are designed so that the targeted computer(s) either reset or consume all available resources and can no longer provide the intended service, or so that the communication between the users & the victim is obstructed and they can no longer communicate adequately.

There are several ways to stop this kind of attack. Most providers use “Proxy Shield”, which is the most effective service available today and can handle an attack of up to 4GB per second. However, it is a very expensive service and only corporate websites can afford it. If you want to handle small DDoS attacks then you can either go for a hardware firewall or a software application like the one below, which is very effective at handling DDoS at its initial stage.

About mod_evasive & how it prevents DDoS attacks

mod_evasive is basically an evasive maneuvers module for the Apache web server that provides evasive action whenever there is a brute force attack, DDoS attack or HTTP DoS. You can also use it as a traffic detection or network management tool, and it can be effectively configured to work with ipchains, routers, firewalls etc. You can also set mod_evasive up to send abuse reports via email & syslog facilities.

It creates an internal dynamic hash table of IP addresses & URIs for detection, and denies any single IP address if any of the following is true:

– Making any requests while temporarily blacklisted on the server.
– Requesting a single page on your website more than n times.
– Establishing more than 50 concurrent connections per second on the same child.

This method works well against both kinds of attack, whether a single-server scripted attack or a distributed attack, but like any other evasive tool it is only useful up to the limits of processor consumption & bandwidth. Configuring this tool to work with your firewalls & routers therefore gives the maximum protection to your dedicated server as well as your webhosting sites.

This module is instantiated for each listener individually, that is, every time there is an HTTP request to the Apache Web Server, and therefore the evasive tool has built-in scaling capabilities & a cleanup mechanism. Because of this per-child design, only scripted attacks get caught and blocked, and legitimate requests are never compromised even if they come from NAT addresses or proxies. Even a user who repeatedly clicks the ‘reload’ button should not be affected unless they do it maliciously. One can tune mod_evasive fully through the Apache configuration file, httpd.conf. It is very easy to incorporate into your Linux web hosting server and, most important, easy to use.
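The deny rules listed above can be tried out on paper before touching a live server. The following is an added example, not code from mod_evasive or from the original post: a simplified Python model that replays constructed requests against the thresholds used in the httpd.conf settings given later on this page. The class and function names, the fixed counting windows and the timer restart on blocked requests are assumptions of the model.

```python
# Added example: simplified model of the deny rules described above.
# Not mod_evasive's source; fixed counting windows are an assumption.

# Thresholds copied from the httpd.conf block on this page.
PAGE_COUNT, PAGE_INTERVAL = 6, 2      # DOSPageCount / DOSPageInterval
SITE_COUNT, SITE_INTERVAL = 100, 2    # DOSSiteCount / DOSSiteInterval
BLOCKING_PERIOD = 600                 # DOSBlockingPeriod (seconds)


class EvasiveModel:
    def __init__(self):
        self.hits = {}     # (ip, uri) or (ip, None) -> (window_start, count)
        self.blocked = {}  # ip -> time of the most recent denied request

    def _over_limit(self, key, now, limit, interval):
        start, count = self.hits.get(key, (now, 0))
        if now - start >= interval:   # window expired, start counting again
            start, count = now, 0
        count += 1
        self.hits[key] = (start, count)
        return count > limit

    def request(self, ip, uri, now):
        """Return the HTTP status the model gives this request."""
        last = self.blocked.get(ip)
        if last is not None and now - last < BLOCKING_PERIOD:
            self.blocked[ip] = now    # assumption: a blocked request restarts the timer
            return 403
        page = self._over_limit((ip, uri), now, PAGE_COUNT, PAGE_INTERVAL)
        site = self._over_limit((ip, None), now, SITE_COUNT, SITE_INTERVAL)
        if page or site:
            self.blocked[ip] = now
            return 403
        return 200


def replay(events):
    """Feed (time, ip, uri) tuples through a fresh model; return statuses."""
    model = EvasiveModel()
    return [model.request(ip, uri, t) for t, ip, uri in events]


# Constructed sample traffic (documentation IP ranges, made-up URIs).
SCRIPTED = [(i / 10, "203.0.113.5", "/login.php") for i in range(10)]
RETURNS = [(t, "203.0.113.5", "/login.php") for t in (300, 800, 1500)]
BROWSER = [(1, "198.51.100.7", "/"), (3, "198.51.100.7", "/about.html"),
           (5, "198.51.100.7", "/")]

if __name__ == "__main__":
    for event, status in zip(SCRIPTED + RETURNS, replay(SCRIPTED + RETURNS)):
        print(event, status)
```

With these settings the seventh request for the same page inside two seconds is the first to be denied, and a client that keeps retrying while blocked keeps pushing its own unblock time further out.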

Here are the steps to install mod_evasive:

Install & configure it on a Linux Server:

Log in to the server as root & execute the following commands one by one:

cd /usr/local/src
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive

For Apache 2.0.x

/usr/sbin/apxs -cia mod_evasive20.c

Then add this to httpd.conf

DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600

For Apache 1.3.x

/usr/local/apache/bin/apxs -cia mod_evasive.c

Then add this to httpd.conf

DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600

Now just restart the Apache web hosting server & the installation is complete.

/etc/init.d/httpd restart

Congratulations, your Linux Apache web hosting server is now safer from DDoS attacks.