Mitigate from DDoS with mod_security and mod_evasive

# Install Mod Security yum install mod_security # Download latest OWASP ruleset from the site below. # http://spiderlabs.github.io/owasp-modsecurity-crs/ tar xfz SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz # Remove the one that was installed by the binary mod_security package. rm -rf /etc/httpd/modsecurity.d mv SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb /etc/httpd/modsecurity.d # Edit the /etc/httpd/conf.d/mod_security.conf

# We are going to build mod_evasive binary from the source. yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel

# Install mod_evasive. cd /usr/src wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz tar xzf mod_evasive_1.10.1.tar.gz cd mod_evasive

# Now, you need to find where apxs is installed. rpm -ql httpd-devel |grep apxs # /usr/sbin/apxs Output from the command above /usr/sbin/apxs -cia mod_evasive20.c #Libraries have been installed in: # /usr/lib64/httpd/modules # Add the following block in the /etc/httpd/conf/httpd.conf # mod_evasive <IfModule mod_evasive20.c> DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 60 # If you wish to receive email notification, modify & uncomment below. #DOSEmailNotify notify@mydomain.com </IfModule> # Restart Apache service httpd restart ===== References ===== http://www.webtrafficexchange.com/how-mitigate-ddos-modsecurity-and-modevasive-centos-6