How to Secure Apache Server from DDoS, Slowloris, and DNS Injection Attacks

DDoS
Apache has a module (mod_evasive) that was created to help prevent DDoS attacks, although it's probably not installed by default. Follow these steps to install the module.
Open the terminal window. Issue the command:
sudo apt-get -y install libapache2-mod-evasive
Run the following command:
sudo mkdir -p /var/log/apache2/evasive
Run the following command:
sudo chown -R www-data:root /var/log/apache2/evasive
Open the /etc/apache2/mods-available/evasive.load file (using sudo and your favorite text editor) and append the following to the bottom of that file (one directive per line):
DOSHashTableSize 2048
# Maximum number of requests for the same page
DOSPageCount 20
# Total number of requests for any object by the same client IP on the same listener
DOSSiteCount 300
# Interval for the page count threshold
DOSPageInterval 1.0
# Interval for the site count threshold
DOSSiteInterval 1.0
# Time that a client IP will be blocked for
DOSBlockingPeriod 10.0
DOSLogDir "/var/log/apache2/evasive"
DOSEmailNotify admin@example.com
Save the file and restart Apache. Your server is now better protected from DDoS attacks.
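Before enabling these limits on a busy site, it helps to replay an existing access log against them and see which clients would have been refused. The following is an added example, not code from the original article or from mod_evasive: it uses a simplified fixed-window model of the thresholds above, and the log format (Apache common/combined), the sample lines and all function names are assumptions.

```python
import re
from datetime import datetime

# Thresholds copied from the evasive configuration above.
PAGE_COUNT, PAGE_INTERVAL = 20, 1.0
SITE_COUNT, SITE_INTERVAL = 300, 1.0
BLOCKING_PERIOD = 10.0
# Assumed common/combined log format: client IP, [timestamp], "METHOD URI ..."
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def parse(line):
    m = LOG_RE.match(line)
    if m is None:
        return None  # skip malformed lines instead of crashing
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group(1), ts, m.group(3)

def over_limit(windows, key, ts, limit, interval):
    """Count one hit in a fixed window; True once the limit is exceeded."""
    start, count = windows.get(key, (ts, 0))
    if ts - start >= interval:
        start, count = ts, 0  # window expired, start a new one
    windows[key] = (start, count + 1)
    return count + 1 > limit

def replay(lines):
    """Return {ip: refused requests}; both counters are updated on every allowed hit."""
    pages, sites, blocked_until, denied = {}, {}, {}, {}
    for ip, ts, uri in filter(None, map(parse, lines)):
        hit = blocked_until.get(ip, 0.0) > ts  # still inside a blocking period
        if not hit:
            page_hit = over_limit(pages, (ip, uri), ts, PAGE_COUNT, PAGE_INTERVAL)
            site_hit = over_limit(sites, ip, ts, SITE_COUNT, SITE_INTERVAL)
            hit = page_hit or site_hit
        if hit:
            denied[ip] = denied.get(ip, 0) + 1
            # Per the mod_evasive README, each refused request restarts the timer.
            blocked_until[ip] = ts + BLOCKING_PERIOD
    return denied

def sample_line(ip, second, uri):  # constructed sample data, not real traffic
    return f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] "GET {uri} HTTP/1.1" 200 512'

SAMPLE = ([sample_line("203.0.113.5", 0, "/login")] * 25     # burst on one page
          + [sample_line("203.0.113.5", 5, "/login")] * 3    # retries while blocked
          + [sample_line("203.0.113.5", 30, "/login")]       # after the block expired
          + [sample_line("198.51.100.7", 0, f"/p{i}") for i in range(10)])  # normal browsing

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Access logs have one-second resolution, so the result is an estimate; clients that appear here during normal traffic are candidates for higher thresholds.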
Slowloris
Slowloris is software written by Robert Hansen that allows one machine to take down another machine's web server using minimal bandwidth. Apache has a module to help prevent such attacks. Here's how to get it working for you.
Run the following command:
sudo apt-get -y install libapache2-mod-qos
After the installation is complete, check the configuration in /etc/apache2/mods-available/qos.conf to make sure it perfectly fits your needs. After you tweak the module (if necessary), restart Apache and enjoy a Slowloris-free web server.
DNS Injection
Spam from web forms is not only prevalent, it's a fast-track method of getting your domain blacklisted by the likes of Spamhaus. To prevent DNS Injection attacks, which can inject fake DNS names into your server's cache, you need to add another module to Apache. Follow these steps.
Run the following command:
sudo apt-get -y install libapache2-mod-spamhaus
After the installation completes, issue the command:
sudo touch /etc/spamhaus.wl
With the module installed, open the /etc/apache2/conf-available/security.conf file (using sudo and your favorite text editor) and append the following to the bottom of your configuration file:
<IfModule mod_spamhaus.c>
    MS_METHODS POST,PUT,OPTIONS,CONNECT
    MS_WhiteList /etc/spamhaus.wl
    MS_CacheSize 256
</IfModule>
Save the security.conf file and restart Apache so the new module will take effect.

Ibrar Ansari
