Praji’s Weblog

Welcome to praji’s world

mod dosevasive Apache Module How-To

leave a comment »

Directions:

1. Download the newest version of the module from: http://www.nuclearelephant.com/projects/dosevasive/
2. Extract the module.

Ie. (replace the 1.9 with the version you downloaded)

tar -xzvf mod_dosevasive.1.9.tar.gz
3. Change directories so you are inside the mod_dosevasive directory.

cd mod_dosevasive
4. If you are running Apache v1.3, you run: [path to apache]/bin/apxs -i -a -c mod_dosevasive.c

Ie.

/usr/local/apache/bin/apxs -i -a -c mod_dosevasive.c

If you are running Apache v2.0, you run: [path to apache]/bin/apxs -i -a -c mod_dosevasive20.c

Ie.

/usr/local/apache/bin/apxs -i -a -c mod_dosevasive20.c
5. Restart apache.

Ie.

/etc/init.d/httpd restart

Configuration:

This section is intend for people that want to tweak some of the default settings to their own. You are not required to do this.

First you have to add the following section to your httpd.conf
(Ie. /etc/httpd/conf/httpd.conf):

For Apache v1.3:

<IfModule mod_dosevasive.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
</IfModule>

For Apache v2.0:

<IfModule mod_dosevasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
</IfModule>

The above are the default options that are setup (even if you do not have this section in your httpd.conf).

The following is a description of all the settings/variables:

Variable/Option: Description:
DOSHashTableSize Size of the hash table. The greater this setting, the more memory is required for the look up table, but also the faster the look ups are processed. This option will automatically round up to the nearest prime number.
DOSPageCount Number of requests for the same page within the ‘DOSPageInterval’ interval that will get an IP address added to the blocking list.
DOSSiteCount Same as ‘DOSPageCount’, but corresponds to the number of requests for a given site, and uses the ‘DOSSiteInterval’ interval.
DOSPageInterval Interval for the ‘DOSPageCount’ threshold in second intervals.
DOSSiteInterval Interval for the ‘DOSSiteCount’ threshold in second intervals.
DOSBlockingPeriod Blocking period in seconds if any of the thresholds are met. The user will recieve a 403 (Forbidden) when blocked, and the timer will be reset each time the site gets hit when the user is still blocked.
Advertisements

Written by praji

July 29, 2008 at 11:37 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: