The Sysadmin’s Daily Grind: Mod_evasive

EVASIVE MANEUVERS

Article from Issue 62/2006
Author(s):

The Apache web server can fight back against DoS attacks. You just need a little help from Mod_evasive.

Every admin knows and hates Denial-of-Service attacks. No matter whether the perpetrator is plain stupid, malevolent, or sick, a massive barrage of incessant requests directed at the server causes the server to freeze and pushes the admin’s adrenalin levels way up. Web servers are most commonly attacked. AEMM gives Apache a self-defense mechanism. The package name “Apache Evasive Maneuvers Module” is too long for many people’s liking, and most admins simply refer to it as Mod_evasive [1] – although this is actually just the name of the AEMM Apache module. Under the hood, Mod_evasive uses a blacklist. The module checks incoming requests against the list to find out if multiple requests of the same type have been received from the same IP in the last few seconds. The threshold values are configurable. At the same time, Mod_evasive checks if the requester has called more than 50 objects in the last second.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Charly’s Column: w3af

    After toiling away to create a small but exclusive website, Charly wanted to run a security scanner against it to check for vulnerabilities. The choice of tools is enormous, but Charly chose w3af.

  • Charly's Column

    Users log on to services such as SSH, ftp, SASL, POP3, IMAP, Apache htaccess, and many more using their names and passwords. These popular access mechanisms are a potential target for brute-force attacks. An attentive bouncer will keep dictionary attacks at bay.

  • Charly's Column

    A partly overloaded DNS server can slow down all the workstations on the network. Dnsgraph is an early warning system that gives administrators a graph of critical values. Your Dnsgraph charts will help you keep your systems serving names.

  • LUG Camp 2010

    From the Lower Rhine to Central Franconia, on his journey, Charly found beaten gold, relaxed Linux users, abandoned beer cellars, and a Python one-liner for presentable photos of the tour. A once-in-a-year experience.

  • Charly's Column

    The siege of Troy is said to have taken 10 years, ending only after Odysseus introduced a wooden horse into the mix. Charly is planning a siege, too, and the target is his own web server. Of course, he doesn't have 10 years to complete the task, and Odysseus isn't on his team.

comments powered by Disqus