mod_evasive 是Apache服务器的防CC攻击的一个模块,它可以检测和限制同个IP的请求次数,达到一定条件时执行命令(如使用iptables封禁IP),虽然并不能完全防御CC攻击,但在一定条件下能起到缓解Apache服务器的压力。

1)预安装:

yum install httpd-devel

2)获得mod_evasive,解压,安装。

cd /usr/src
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
tar xzf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/usr/sbin/apxs -cia mod_evasive20.c

3)添加配置文件
vi /etc/httpd/conf/httpd.conf,在LoadModule evasive20_module /usr/lib/apache/mod_evasive20.so下面添加引用httpd-evasive.conf文件。

LoadModule evasive20_module /usr/lib/apache/mod_evasive20.so
Include /etc/httpd/conf/extra/httpd-evasive.conf

httpd-evasive.conf文件的内容如下:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097(哈希表大小,无需修改)
DOSPageCount 2(允许单IP的最大并发连接(瞬间值)
DOSSiteCount 50(允许单台机在指定秒数内访问同一页的次数)
DOSPageInterval 1 单页请求检测时间(默认1秒)
DOSSiteInterval 1 全站请求检测时间(默认1秒)
DOSBlockingPeriod 3600 黑名单封禁时间(默认3600秒)
DOSEmailNotify someone@somewhere.com有新黑名单记录通知管理员
DOSSystemCommand “iptables -A INPUT -s %s -j DROP” 进黑名单执行命令
</IfModule>

4)重启apache

/etc/init.d/httpd restart

教程参考

1、https://library.linode.com/web-servers/apache/mod-evasive

2、http://www.kwx.gd/CentOSApp/CentOS-DA-mod-evasive.html

3、mod_evasive官方博客http://www.zdziarski.com/blog/?page_id=442

首页

No Comments Now!

Be the first to comment on this entry.

留下评论

姓名(必填)
Mail (必填),(will not be published)
站点(recommended)

Fields in bold are required. Email addresses are never published or distributed.

Some HTML code is allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
URLs must be fully qualified (eg: http://www.directadmin.cc/blog),and all tags must be properly closed.

Line breaks and paragraphs are automatically converted.

Please keep comments relevant. Off-topic, offensive or inappropriate comments may be edited or removed.