DDOS

Mitigate DDoS with mod_security and mod_evasive


Install Mod Security Apache Module

Install Mod Security

yum install mod_security

Download the latest OWASP ruleset

From the site http://spiderlabs.github.io/owasp-modsecurity-crs/

tar xfz SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz

Remove the modsecurity.d directory that was installed by the binary mod_security package and move the downloaded ruleset into its place.

rm -rf /etc/httpd/modsecurity.d
mv SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb /etc/httpd/modsecurity.d

Edit the /etc/httpd/conf.d/mod_security.conf


Install mod_evasive Apache Module

Build the mod_evasive binary from source. First install the build dependencies.

yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

Install mod_evasive.

cd /usr/src
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
tar xzf mod_evasive_1.10.1.tar.gz
cd mod_evasive

Now, you need to find where apxs is installed.

rpm -ql httpd-devel | grep apxs
# Output from the command above: /usr/sbin/apxs
# -c compiles the module, -i installs it, -a adds the LoadModule line to httpd.conf
/usr/sbin/apxs -cia mod_evasive20.c

Libraries have been installed in:

 /usr/lib64/httpd/modules

Add the following block to /etc/httpd/conf/httpd.conf

# mod_evasive
<IfModule mod_evasive20.c>
DOSHashTableSize    3097
DOSPageCount        2 
DOSSiteCount        50
DOSPageInterval     1 
DOSSiteInterval     1
DOSBlockingPeriod   60
# If you wish to receive email notification, modify & uncomment below.
#DOSEmailNotify notify@mydomain.com
</IfModule>

Restart Apache

service httpd restart
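
To see which clients the thresholds in the mod_evasive block would deny, the following added example (not part of the original page and not mod_evasive's own code) replays access-log lines through a simplified model of the documented directive behavior. The sample log lines are constructed, and the fixed-window counting keyed on client IP is an assumption of the model.

```python
import re
from datetime import datetime

# Thresholds copied from the httpd.conf block above.
CFG = {"DOSPageCount": 2, "DOSPageInterval": 1, "DOSSiteCount": 50,
       "DOSSiteInterval": 1, "DOSBlockingPeriod": 60}

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

# Constructed sample in Apache combined-log layout (documentation IP ranges).
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Oct/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Oct/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Oct/2024:10:00:30 +0000] "GET /about.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Oct/2024:10:01:20 +0000] "GET / HTTP/1.1" 200 512',
]

def replay(lines, cfg=CFG):
    """Return {client_ip: requests that would have been answered with 403}."""
    windows = {}   # counter key -> (window start, hits in window)
    blocked = {}   # client ip -> time of its last denied request
    denied = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, stamp, uri = m.groups()
        t = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp()
        over = ip in blocked and t - blocked[ip] < cfg["DOSBlockingPeriod"]
        if not over:
            for key, limit, interval in (
                ((ip, uri), cfg["DOSPageCount"], cfg["DOSPageInterval"]),
                ((ip,), cfg["DOSSiteCount"], cfg["DOSSiteInterval"]),
            ):
                start, hits = windows.get(key, (t, 0))
                if t - start >= interval:   # window expired, start a new one
                    start, hits = t, 0
                windows[key] = (start, hits + 1)
                over = over or hits + 1 > limit
        if over:
            blocked[ip] = t   # each denied request restarts the blocking timer
            denied[ip] = denied.get(ip, 0) + 1
    return denied

if __name__ == "__main__":
    for ip, n in replay(SAMPLE).items():
        print(f"{ip}: {n} request(s) would be denied")
```

Pointing `replay()` at lines from a real access log before enabling the module shows which legitimate clients (monitoring probes, proxies, pages that reload quickly) the chosen counts would block.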
