GalacNet - Web Server FaQ - Blocking people that try to DDoS the Web Server

Home

Commercial / Business

Shared Web Hosting
Affordable Shared Hosting packages by GalacNet

Shoutcast Hosting
Quality Shoutcast hosting at the most competitive prices. Be your own DJ today

Web Hosting Partners
GalacNet's Partners in Webhosting giving you more options for your hosting needs

Dedicated Cobalt RaQ Hosting
Personal Cobalt Web Server hosting for small to medium establishments

Dedicated Server Hosting
Your choice of hardware with DirectAdmin installed

Co-Location Service
Your own server on our rack backed by Cisco infrastructure

Advertising Opportunities
Reach out to your target audience with our various advertising programs

Forum Management & Activity Forum management and activity boosting services

Free Services

Hello Kitty

Hello Kitty Event Gallery

Free Web Imaging

Free Webhosting Providers

Free Forums

Coppermine Photo Gallery

Other Free Services

GalacNet FaQ and Help Archives

Server Administration Help - Blocking people that try to DDoS the Web Server

This procedure is for Linux Redhat, Fedora Core or CentOS systems. But should be roughly the same for all Linux or Unix based systems.

Excute the following in italics
wget http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
(or if unavailable use "wget http://www.galacnet.com/faq/downloads/mod_evasive_1.10.1.tar.gz")
tar -zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive_1.10.1

Then for Apache 1.3
/usr/local/apache/bin/apxs -i -a -c mod_dosevasive.c

Or for Apache v2.0
/usr/local/apache/bin/apxs -i -a -c mod_dosevasive20.c
(note that path to apxs could be different and you should try to locate apxs if the command is unavailable)

/etc/init.d/httpd restart

Installation could fail if you do not have the GCC compilers for apache. please refer to our other help files for how to install those.

Configuration of Mod Evasive
edit this file /etc/httpd/conf/httpd.conf and look for the following :

For Apache v1.3:

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10

For Apache v2.0:

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10

Here are what the above does :-

DOSHashTableSize : Size of the hash table. The greater this setting, the more memory is required for the look up table, but also the faster the look ups are processed. This option will automatically round up to the nearest prime number.

DOSPageCount : Number of requests for the same page within the 'DOSPageInterval' interval that will get an IP address added to the blocking list.

DOSSiteCount : Same as 'DOSPageCount', but corresponds to the number of requests for a given site, and uses the 'DOSSiteInterval' interval.

DOSPageInterval : Interval for the 'DOSPageCount' threshold in second intervals.

DOSSiteInterval : Interval for the 'DOSSiteCount' threshold in second intervals.

DOSBlockingPeriod : Blocking period in seconds if any of the thresholds are met. The user will recieve a 403 (Forbidden) when blocked, and the timer will be reset each time the site gets hit when the user is still blocked.

Back to FaQ Section