The Sysadmin’s Daily Grind: Mod_evasive

EVASIVE MANEUVERS

Article from Issue 62/2006
Author(s):

The Apache web server can fight back against DoS attacks. You just need a little help from Mod_evasive.

Every admin knows and hates Denial-of-Service attacks. No matter whether the perpetrator is plain stupid, malevolent, or sick, a massive barrage of incessant requests directed at the server causes the server to freeze and pushes the admin’s adrenalin levels way up. Web servers are most commonly attacked. AEMM gives Apache a self-defense mechanism. The package name “Apache Evasive Maneuvers Module” is too long for many people’s liking, and most admins simply refer to it as Mod_evasive [1] – although this is actually just the name of the AEMM Apache module. Under the hood, Mod_evasive uses a blacklist. The module checks incoming requests against the list to find out if multiple requests of the same type have been received from the same IP in the last few seconds. The threshold values are configurable. At the same time, Mod_evasive checks if the requester has called more than 50 objects in the last second.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Charly’s Column: w3af

    After toiling away to create a small but exclusive website, Charly wanted to run a security scanner against it to check for vulnerabilities. The choice of tools is enormous, but Charly chose w3af.

    more »
  • Capture the Flag

    TryHackMe's Capture the Flag puzzles are a useful source for users who want to learn about ethical hacking and penetration testing.

    more »
  • Charly's Column

    Users log on to services such as SSH, ftp, SASL, POP3, IMAP, Apache htaccess, and many more using their names and passwords. These popular access mechanisms are a potential target for brute-force attacks. An attentive bouncer will keep dictionary attacks at bay.

    more »
  • Charly's Column

    A partly overloaded DNS server can slow down all the workstations on the network. Dnsgraph is an early warning system that gives administrators a graph of critical values. Your Dnsgraph charts will help you keep your systems serving names.

    more »
  • LUG Camp 2010

    From the Lower Rhine to Central Franconia, on his journey, Charly found beaten gold, relaxed Linux users, abandoned beer cellars, and a Python one-liner for presentable photos of the tour. A once-in-a-year experience.

    more »
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News

Tag Cloud

Administration Community Events Hardware Linux Linux Pro Magazine Mobile Programming Security Software Ubuntu Web Development Windows free software open source