Protecting WHM / cPanel from DDoS attacks with the Apache module: Evasive
Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive Modules
mod_security (an open-source intrusion detection and prevention engine for web applications that integrates seamlessly with the web server) and mod_evasive are two very important tools that can be used to protect a web server against brute force or (D)DoS attacks.
mod_security provides a free Core Rule Set (CRS), the OWASP (Open Web Application Security Project) ModSecurity CRS, that can be downloaded and installed.
mod_evasive, as its name suggests, provides evasive capabilities while under attack,
acting as an umbrella that shields web servers from such threats.
Mod_Evasive
Mod_evasive is an Apache module with sophisticated Layer 7 DDoS mitigation features.
It detects potential attacks against web applications and takes evasive action
by rate-limiting IP addresses that make too many requests in a short time.
First, we need to install the mod_evasive module.
Navigate to Easy Apache 4 in WHM’s Software menu. Select the Apache Modules tab, search for “mod_evasive,” and flip the install switch.
Next, select the Review Tab, scroll to the bottom of the page, and click Provision.
WHM may take a few seconds to install the module and its dependencies.
The module has sensible defaults, but you may want to tweak the configuration file,
which you will find on the server’s filesystem at:
Code:
/etc/apache2/conf.d/300-mod_evasive.conf
If you would like mod_evasive to send an email when it blocks an IP, set an email address in the DOSEmailNotify section.
You may need to remove the comment symbol (#) from the beginning of the line.
The configuration file is documented with extensive comments, and you can learn more from our mod_evasive documentation.
Pros and Cons
There are a number of benefits associated with mod_evasive, including:
- Cost effectiveness – the module is available for free.
- Ease of use – installation and configuration are both easily achieved, while settings can be adjusted on-the-fly to account for any changes to legitimate traffic flows.
- DoS mitigation capabilities – single source attacks are easily identified and blocked.
At the same time, the module’s limitations make it ineffective at mitigating network layer and DDoS attacks.
Specifically, users need to consider that:
- mod_evasive is ineffective against network layer attacks.
- Highly distributed attacks may not trigger mod_evasive threshold configurations.
- Low-and-slow attacks won’t trigger a response from mod_evasive.
- Because traffic is blocked based on rudimentary criteria, mod_evasive is very prone to false positives.
For these reasons, mod_evasive is often thought of as a blunt instrument rather than a comprehensive website security solution. Despite its free price point and relative ease of use, mod_evasive lacks the capabilities to block network layer and DDoS attacks.
Reference:
https://blog.cpanel.com/blocking-att...s-mod_evasive/
https://blog.cpanel.com/how-to-survive-a-ddos-attack/
https://docs.cpanel.net/ea4/apache/a...odule-evasive/
https://www.imperva.com/blog/configu...apache-server/
https://www.tecmint.com/protect-apac...centos-fedora/
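
As an added example (not the file cPanel ships and not taken from the linked articles), this is what a tuned set of directives in /etc/apache2/conf.d/300-mod_evasive.conf can look like, with DOSEmailNotify uncommented as described above. The numeric values are illustrative, and the e-mail address, log directory and whitelist entries are placeholders assumed for the example.

```apache
# Added example: illustrative values, not cPanel's shipped configuration.
# All counting is per client IP, which is why highly distributed or
# low-and-slow traffic can stay under every threshold below.

# Number of top-level nodes in each Apache child's tracking hash table.
DOSHashTableSize    3097

# Block an IP that requests the same URI more than DOSPageCount times
# within DOSPageInterval seconds.
DOSPageCount        2
DOSPageInterval     1

# Block an IP that makes more than DOSSiteCount requests to the site as a
# whole (any URI) within DOSSiteInterval seconds.
DOSSiteCount        50
DOSSiteInterval     1

# Seconds a blocked IP keeps receiving 403 Forbidden. Each request made
# while blocked resets the timer.
DOSBlockingPeriod   10

# Comment symbol removed so a notification is mailed when an IP is blocked.
# Placeholder address (assumption).
DOSEmailNotify      admin@example.com

# Directory used for the module's lock files; it must be writable by the
# user Apache runs as. Placeholder path (assumption).
DOSLogDir           "/var/log/mod_evasive"

# Sources that are never blocked, to limit false positives from monitoring
# hosts, proxies or office networks. Wildcards are allowed in the last
# octets. 192.0.2.* is a documentation range used as a placeholder.
DOSWhitelist        127.0.0.1
DOSWhitelist        192.0.2.*
```

Pages that legitimately load many resources per view are the usual source of false positives, so raise DOSPageCount and DOSSiteCount gradually while watching the notifications. Check the configuration syntax and restart Apache after editing the file.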