DirectAdmin – add mod_evasive CC module prevention attack

Against CC attacks is mod_evasive Apache server module, it can detect and limit the number of requests for same IP, to execute commands when certain conditions (such as ban IP using iptables), although there is not defense against CC attacks, but under certain conditions, enabling them to relieve pressure on the Apache server.

A, access to mod_evasive


SSH execute the above command. Download mod_evasive 1.10.1.

Second, decompression

Extract the tar zxvf mod_evasive_1.10.1.tar.gz #
CD mod_evasive # into the directory

Third, install the component

/usr/sbin/apxs -i -a -c mod_evasive20.c

SSH execute the above command. Install mod_evasive.

Four, add profile

1) new httpd-evasive.conf

vim /etc/httpd/conf/extra/httpd-evasive.conf

SSH execute the above command, use vim new httpd-evasive.conf, and fill in the following

DOSHashTableSize 3097 # hash table size (without modification)
DOSPageCount 10 # allow single IP maximum concurrent connections (instant)
DOSSiteCount 50 # allow machines access the same page count in the specified number of seconds.
DOSPageInterval 1 # single page request time (1 second by default)
DOSSiteInterval 1 # all requested test time (1 second by default)
DOSBlockingPeriod 3600 # blacklists block time (default 3,600 seconds)
DOSEmailNotify root # new blacklist log notification administrator (for mailboxes can be modified)
DOSSystemCommand “% DROP” # execute a command in a blacklist

The following figure:


Five or more, reference files

1) editing httpd.conf

vim /etc/httpd/conf/httpd.conf

2) inserted at the appropriate place, the following

Include conf/extra/httpd-evasive.conf

The following figure:


Six, restart Apache

service httpd restart