Apache DDoS Detection

Services
- Infrastructure
  - iColocation
- Compute
  - cMetal
- Storage
  - sObject
  - sBlock
- Networking
- Protection
  - pBackup
  - pDDoS
Solutions
- Ecommerce
- Security
- Gaming
- Hosting
- Management
- Finance
- System Integrator
Dashboard

Psychz - Omkar

Votes: 0Posted On: Sep 26, 2019 12:43:19

Apache has a module that helps to prevent a DDoS attack. However, it's probably not installed by default. The module named "mod_evasive" takes protective action at the time of a DDoS attack or a BruteForce attack and protect Apache from these types of attacks. You can configure it to send you reports by email. To configure mod_evasive on centos 7 servers, please follow the below steps.

Note: If you need help on how to keep Apache webserver running, please follow the steps on How To Install Linux, Apache, MySQL, PHP (LAMP) stack on CentOS 7 https://www.psychz.net/client/kb/en/installation-of-lamp-stack-on-centos-7.html

Step 1. Install EPEL yum repository packages

You will need EPEL (Extra Packages for Enterprise Linux) which is an open source and free community based repository project from Fedora team which provides 100% high quality add-on software packages for Linux distribution including RHEL (Red Hat Enterprise Linux), CentOS and Scientific Linux. Execute the below commands in the terminal.

# wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Followed by

# rpm -ivh epel-release-latest-7.noarch.rpm

Step 2. Install mod_evasive module using below command

# yum install mod_evasive -y

Step 3. Verify installation by checking the configuration file

# cat /etc/httpd/conf.d/mod_evasive.conf

You need to verify that the following line appears on top of the config file

LoadModule evasive20_module modules/mod_evasive24.so

Step 4. Restart the httpd service

# systemctl start httpd

Your server is now protected against DDoS and other malicious attacks.

The module is by default already configured. But if you want to alter the mod_evasive configuration, open the configuration file mentioned below using any editor and make sure httpd service is restarted if the config file is altered

# vim /etc/httpd/conf.d/mod_evasive.conf

We'll learn how to enable email alert.

Go to line number 48 and uncomment the below line and enter your email id in the required field. So, The events will be automatically alerted via emails.

#DOSEmailNotify example@yourdomain.com