Announcement

Collapse
No announcement yet.

Protect Apache Against DDOS Attack

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Protect Apache Against DDOS Attack

    A DDOS (Distributed Denial of Service) or distributed denial-of-service attack is on the most commonly attack on web server, some traditional firewalls are not able to detect it & kill it.

    In DDOS attacker send thousand number of http requests on your web server, these request may be or not may be infected with virus. When these flood requests enter your permissive it starts to eat your network & server hardware resources & your system get shut down slowly and slowly. Sometime attacker sends these flood requests on different different source.

    Slowloris DDOS Attack

    Slowloris is different from typical denials of services in Slowloris attack you will receive legitimate http traffic even your firewall doesn’t detect it because all http requests are legitimate. In Slowloris attacker have control option to send how many legitimate request on the target server, mostly attacker use slow rate delivery of slowloris to easily enter in your permissive. This means that Slowloris is capable of being effective even when standard enterprise-grade IPS and IDS systems are in place



    Apace mod_qos.

    mod_qos is a quality of service module for the Apache web server implementing control mechanisms that can provide different levels of priority to different HTTP requests.

    mod_qos may be used to determine which requests should be served and which shouldn’t in order to avoid resource oversubscription. The module collects different attributes such as the request URL, HTTP request and response headers, the IP source address, the HTTP response code, history data (based on user session and source IP address), the number of concurrent requests to the server (total or requests having similar attributes), the number of concurrent TCP connections (total or from a single source IP), and so forth.

    Counteractive measures to enforce the defined rules are: request blocking, dynamic timeout adjustment, request delay, response throttling, and dropping of TCP connections.



    How to install mod_qos on linux:–

    I assumed here you have already configured apache server & your website is running.

    Prerequisites:—

    Code:
    apt-get install apache2-threaded-dev gcc

    Code:
    step:1 Download mod_qos from http://opensource.adnovum.ch/mod_qos/ 
    
    Step:2 Extract mod_qos packages
    
    root@demo:~# tar xvf mod_qos-10.16.tar.gz
    
    root@demo:~# cd mod_qos-10.16/apache2/
    
    Step3: bulid & install mod_qos
    
    root@demo:~/mod_qos-10.16/apache2# apxs2 -i -c mod_qos.c
    Libraries have been installed in:
    /usr/lib/apache2/modules

    If you ever happen to want to link against installed libraries
    in a given directory, LIBDIR, you must either use libtool, and
    specify the full pathname of the library, or use the `-LLIBDIR'
    flag during linking and do at least one of the following:
    - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
    during execution
    - add LIBDIR to the `LD_RUN_PATH' environment variable
    during linking
    - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
    - have your system administrator add LIBDIR to `/etc/ld.so.conf'

    See any operating system documentation about shared libraries for
    more information, such as the ld(1) and ld.so(8) manual pages.
    ----------------------------------------------------------------------
    Code:
    chmod 644 /usr/lib/apache2/modules/mod_qos.so
    
    root@demo:~ # chmod 644 /usr/lib/apache2/modules/mod_qos.so
    Ste4:- Configure & Enable mod_qos
    Code:
    root@demo:~# cd /etc/apache2/mods-available/
    
    root@demo:/etc/apache2/mods-available# vim qos.load 
    
    LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so
    
    root@demo:/etc/apache2/mods-available#
    
    
    
    root@demo:/etc/apache2/mods-available# vim qos.conf
    
    ## QoS Settings
    <IfModule mod_qos.c>
     # handles connections from up to 100000 different IPs
     QS_ClientEntries 1000000
     # will allow only 50 connections per IP
     QS_SrvMaxConnPerIP 50
     # maximum number of active TCP connections is limited to 256
     MaxClients 256
     # disables keep-alive when 70% of the TCP connections are occupied:
     QS_SrvMaxConnClose 180
     # minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything):
     QS_SrvMinDataRate 150 1200
     # and limit request header and body (carefull, that limits uploads and post requests too):
     # LimitRequestFields 30
     # QS_LimitRequestBody 102400
    
    # block clients violating some basic rules frequently (don't allows more than 20
    # violations within 5 minutes):
    QS_ClientEventBlockCount 200 300
    QS_SetEnvIfStatus 400 QS_Block
    QS_SetEnvIfStatus 401 QS_Block
    QS_SetEnvIfStatus 403 QS_Block
    QS_SetEnvIfStatus 404 QS_Block
    QS_SetEnvIfStatus 405 QS_Block
    QS_SetEnvIfStatus 406 QS_Block
    QS_SetEnvIfStatus 408 QS_Block
    QS_SetEnvIfStatus 411 QS_Block
    QS_SetEnvIfStatus 413 QS_Block
    QS_SetEnvIfStatus 414 QS_Block
    QS_SetEnvIfStatus 417 QS_Block
    QS_SetEnvIfStatus 500 QS_Block
    QS_SetEnvIfStatus 503 QS_Block
    QS_SetEnvIfStatus 505 QS_Block
    QS_SetEnvIfStatus QS_SrvMinDataRate QS_Block
    QS_SetEnvIfStatus NullConnection QS_Block
    
    </IfModule>
    Step5: Enable mod_qos module and restart apache2
    Code:
    root@demo:~# a2enmod qos
    root@demo:~# /etc/init.d/apache2 restart
    Last edited by kuldeep; 02-25-2015, 10:49 PM.
Working...
X