Assalam-u-alaikum,

Though I wanted my first howto to be quite powerful and explanatory, here is what I am starting with, with a short one.

 Mod Evasive (mod_evasive) is a module for Apache web server. Within this, you can define certain limits on it for people trying to access a page on your website. Such as ability to access the same page (more than once) within a second. This is normally an idication of DOS attack. Mod_evasive successfully intercepts such attack and returns a 403 (Forbidden) message to the attacker. Here is how it will be implemented.

 System / OS: CentOS 5.0 

 Homepage of mod_evasive : http://www.zdziarski.com/projects/mod_evasive/

Make sure you have httpd-devel installed before you continue. Otherwise you will not get apxs utlity. You have been warned.

cd ~
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar xzf mod_evasive_1.10.1.tar.gz

cd mod_evasive

apxs -i -a -c mod_evasive20.c

vi /etc/httpd/conf/httpd.conf
....

<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
    DOSEmailNotify      This e-mail address is being protected from spambots, you need JavaScript enabled to view it
#     DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'" # this is firewall command maybe
    DOSLogDir           "/var/log/httpd/mod_evasive.log"
</IfModule>



service httpd restart


Time to test it:

Make sure your website's document Root has an index.html, otherwise you will not get correct results. I had to adjust a line in test.pl to get /mrtg/index.html .


# chmod +x test.pl  # supplied by source code of mod_evasive.

Execute this test script:

# ./test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
...
...
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
..
...
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

 Alhumdulillah. Done.