المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : حماية whm / cpanel من هجمات DDoS Attack من خلال Apache Module: Evasive



Rise Company
09-12-2021, 20:36
حماية whm / cpanel من هجمات DDoS Attack من خلال Apache Module: Evasive
Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive Modules

https://www.rise.company/forum/images/imported/2021/12/15.jpg

mod_security (open-source intrusion detection and prevention engine for web applications that integrates seamlessly with the webserver) and
mod_security provides a free CRS called OWASP (Open Web Application Security Project) ModSecurity CRS that can be downloaded and installed

mod_evasive are two very important tools that can be used to protect a web server against brute force or (D)DoS attacks.
mod_evasive, as its name suggests, provides evasive capabilities while under attack,
acting as an umbrella that shields web servers from such threats.



Mod_Evasive

Mod_evasive is an Apache module with sophisticated Layer 7 DDoS mitigation features.
It detects potential attacks against web applications and takes evasive action
by rate-limiting IP addresses that make too many requests in a short time.

First, we need to install the mod_evasive module.
Navigate to Easy Apache 4 in WHM’s Software menu. Select the Apache Modules tab,
search for “mod_evasive,” and flip the install switch.

https://www.rise.company/forum/images/imported/2021/12/44.png

Next, select the Review Tab, scroll to the bottom of the page, and click Provision.
WHM may take a few seconds to install the module and its dependencies.

The module has sensible defaults, but you may want to tweak the configuration file,
which you will find on the server’s filesystem at:

/etc/apache2/conf.d/300-mod_evasive.conf

If you would like mod_evasive to send an email when it blocks an IP, set an email address in the DOSEmailNotify section.
You may need to remove the comment symbol (#) from the beginning of the line.

https://www.rise.company/forum/images/imported/2021/12/45.png

The configuration file is documented with extensive comments,
and you can learn more from our mod_evasive documentation (https://docs.cpanel.net/ea4/apache/apache-module-evasive/).

Pros and Cons There are a number of benefits associated with mod_evasive, including:


Cost effectiveness – the module is available for free.
Ease of use – installation and configuration are both easily achieved, while settings can be adjusted on-the-fly to account for any changes to legitimate traffic flows.
DoS mitigation capabilities – single source attacks are easily identified and blocked.

At the same time, the module’s limitations make it ineffective at mitigating network layer and DDoS attacks.
Specifically, users need to consider that:


mod_evasive is ineffective against network layer attacks
Highly distributed attacks may not trigger mod_evasive thresholds configurations.
Low-and-slow attacks won’t trigger a response from mod_evasive.
Because traffic is blocked based on rudimentary criteria, mod_evasive is very prone to false positives.

For these reasons, mod_evasive is often thought of as a blunt instrument rather than a comprehensive website security solution. Despite its free price point and relative ease of use, mod_evasive lacks the capabilities to block network layer and DDoS attacks.



المرجع:
https://blog.cpanel.com/blocking-attacks-with-easyapache-4s-mod_evasive/
https://blog.cpanel.com/how-to-survive-a-ddos-attack/
https://docs.cpanel.net/ea4/apache/apache-module-evasive/
https://www.imperva.com/blog/configuring-mod_evasive-to-protect-your-apache-server/

https://www.tecmint.com/protect-apache-using-mod_security-and-mod_evasive-on-rhel-centos-fedora/

Rise Company
09-12-2021, 21:04
حلول بعض المشاكل
https://stackoverflow.com/questions/10358614/auto-complete-and-mod-evasive