A DDoS (Distributed Denial of Service) attack is one of the most common attacks on web servers; some traditional firewalls are not able to detect and stop it.
In a DDoS attack, the attacker sends thousands of HTTP requests to your web server; these requests may or may not be infected with a virus. When this flood of requests enters your premises, it starts to eat your network and server hardware resources, and your system slowly shuts down. Sometimes the attacker sends these flood requests from many different sources.
Slowloris DDoS Attack
Slowloris is different from typical denial-of-service attacks: in a Slowloris attack you receive legitimate HTTP traffic, and even your firewall doesn't detect it, because all the HTTP requests are legitimate. The attacker can control how many legitimate requests are sent to the target server, and mostly uses a slow delivery rate so that the traffic easily enters your premises. This means that Slowloris is capable of being effective even when standard enterprise-grade IPS and IDS systems are in place.
Apache mod_qos
mod_qos is a quality of service module for the Apache web server implementing control mechanisms that can provide different levels of priority to different HTTP requests.
mod_qos may be used to determine which requests should be served and which shouldn’t in order to avoid resource oversubscription. The module collects different attributes such as the request URL, HTTP request and response headers, the IP source address, the HTTP response code, history data (based on user session and source IP address), the number of concurrent requests to the server (total or requests having similar attributes), the number of concurrent TCP connections (total or from a single source IP), and so forth.
Counteractive measures to enforce the defined rules are: request blocking, dynamic timeout adjustment, request delay, response throttling, and dropping of TCP connections.
How to install mod_qos on Linux:
I assume here that you have already configured the Apache server and your website is running.
Prerequisites:
Code:
apt-get install apache2-threaded-dev gcc
Code:
Step 1: Download mod_qos from http://opensource.adnovum.ch/mod_qos/
Step 2: Extract the mod_qos package
root@demo:~# tar xvf mod_qos-10.16.tar.gz
root@demo:~# cd mod_qos-10.16/apache2/
Step 3: Build & install mod_qos
root@demo:~/mod_qos-10.16/apache2# apxs2 -i -c mod_qos.c
Libraries have been installed in:
   /usr/lib/apache2/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
Step 4: Configure & enable mod_qos
Code:
root@demo:~# chmod 644 /usr/lib/apache2/modules/mod_qos.so
Code:
root@demo:~# cd /etc/apache2/mods-available/
root@demo:/etc/apache2/mods-available# vim qos.load
LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so
root@demo:/etc/apache2/mods-available# vim qos.conf
## QoS Settings
<IfModule mod_qos.c>
# handles connections from up to 1000000 different IPs
QS_ClientEntries 1000000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server, i.e. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (careful, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
# block clients violating some basic rules frequently (don't allow more than 200
# violations within 5 minutes):
QS_ClientEventBlockCount 200 300
QS_SetEnvIfStatus 400 QS_Block
QS_SetEnvIfStatus 401 QS_Block
QS_SetEnvIfStatus 403 QS_Block
QS_SetEnvIfStatus 404 QS_Block
QS_SetEnvIfStatus 405 QS_Block
QS_SetEnvIfStatus 406 QS_Block
QS_SetEnvIfStatus 408 QS_Block
QS_SetEnvIfStatus 411 QS_Block
QS_SetEnvIfStatus 413 QS_Block
QS_SetEnvIfStatus 414 QS_Block
QS_SetEnvIfStatus 417 QS_Block
QS_SetEnvIfStatus 500 QS_Block
QS_SetEnvIfStatus 503 QS_Block
QS_SetEnvIfStatus 505 QS_Block
QS_SetEnvIfStatus QS_SrvMinDataRate QS_Block
QS_SetEnvIfStatus NullConnection QS_Block
</IfModule>
Step 5: Enable the mod_qos module and restart apache2
Code:
root@demo:~# a2enmod qos
root@demo:~# /etc/init.d/apache2 restart
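Once Apache is back up, the connection pile-up described in the Slowloris section can be watched against the limits set in qos.conf. The script below is an added example, not part of the original post: it reads QS_SrvMaxConnPerIP and QS_SrvMaxConnClose from the config text and compares them with per-client connection counts taken from `ss -tn` output. The function names, addresses and sample data are constructed for illustration, and counting ESTAB sockets only approximates what mod_qos itself tracks.

```sh
#!/bin/sh
# Constructed sample: two of the limits from the qos.conf above.
sample_conf() {
    cat <<'EOF'
QS_SrvMaxConnPerIP 50
QS_SrvMaxConnClose 180
EOF
}

# Constructed sample of `ss -tn` output (documentation address ranges):
# one client holds 50 connections to port 80, another holds 3.
sample_ss() {
    echo "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
    i=0
    while [ "$i" -lt 50 ]; do
        echo "ESTAB 0 0 192.0.2.10:80 198.51.100.7:$((40000 + i))"
        i=$((i + 1))
    done
    for p in 51001 51002 51003; do echo "ESTAB 0 0 192.0.2.10:80 203.0.113.9:$p"; done
}

# First argument of a directive in a config on stdin; comment lines never match.
qos_value() { awk -v d="$1" '$1 == d { print $2; exit }'; }

# "COUNT IP" per peer with established connections to local PORT, busiest first.
per_ip_counts() {
    awk -v port="$1" '
        $1 == "ESTAB" {
            n = split($4, loc, ":")              # local address:port
            if (loc[n] != port) next
            peer = $5; sub(/:[0-9]+$/, "", peer) # strip the peer port
            count[peer]++
        }
        END { for (ip in count) print count[ip], ip }' | sort -rn
}

# audit CONF_TEXT SS_TEXT PORT: flag clients at the per-IP limit and report
# whether the total is above the keep-alive cut-off.
audit() {
    per_ip=$(printf '%s\n' "$1" | qos_value QS_SrvMaxConnPerIP)
    close_at=$(printf '%s\n' "$1" | qos_value QS_SrvMaxConnClose)
    [ -n "$per_ip" ] && [ -n "$close_at" ] || { echo "limits not found" >&2; return 2; }
    counts=$(printf '%s\n' "$2" | per_ip_counts "$3")
    total=$(printf '%s\n' "$counts" | awk '{ s += $1 } END { print s + 0 }')
    printf '%s\n' "$counts" | awk -v lim="$per_ip" '$1 + 0 >= lim + 0 { print "AT_LIMIT", $2, $1 }'
    if [ "$total" -gt "$close_at" ]; then echo "KEEPALIVE_OFF $total"
    else echo "KEEPALIVE_ON $total"; fi
}
audit "$(sample_conf)" "$(sample_ss)" 80
```

On a live server, pass the real inputs instead of the samples: `audit "$(cat /etc/apache2/mods-available/qos.conf)" "$(ss -tn)" 80`.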