Find out which three modules to install on your Apache server to lock it down and prevent DDoS, Slowloris, and DNS Injection attacks.
I'll walk you through the process of preventing your
Apache server from Distributed Denial of Service (DDoS), Slowloris, and DNS Injection attacks.
These breakins are quite simple to prevent, as long as you take the
time to lock down that server.
I'm assuming that your Apache server is up and running and (for
simplicity's sake) that it's running on the Ubuntu platform -- for any
other platform,
you'll need to make minor adjustments. All of this work will be done
within a console window, so prepare to get "the flavor of console" all
your fingertips.
Don't miss: IT Security in the Snowden Era, a ZDNet Special Feature
There is an Apache module that was created to prevent a DDoS attack,
although it's probably not installed by default. Follow these steps to
install the module.
1. Open your terminal window.
2. Issue the command sudo apt-get -y install
3. Issue the command sudo mkdir -p
4. Issue the command sudo chown -R www-data:root
5. Open the
/ete/apache2/mods-available/mod-evasive.load file (using sudo and your favorite
text editor) and append the following to the bottom of that file (this is one configuration per line):
DOSHashTableSize 2048
DOSPageCount 20 # maximum number of requests for the same page
DOSSiteCount 300 # total number of requests for any object by the same client IP on the same listener
DOSPageInterval 1.0 # interval for the page count threshold
DOSSiteInterval 1.0 # interval for the site count threshold
DOSBlockingPeriod 10.0 # time that a client IP will be blocked for
DOSLogDir “/var/log/apache2/evasive”
6. Save the file and restart Apache.
You should now be better
protected from DDoS attacks.
Slowloris is software written by Robert Hansen that allows one machine to take down another machine's web server using
minimal bandwidth. Apache has a module to help prevent such attacks. Here's how
to get it working for you.
1. Open a terminal window.
2. Issue the command sudo apt-get -y install
After the installation is complete, check the
configuration in /etc/apache2/mods-available/qos.conf to make sure it perfectly
fits your needs. After you tweak the module (if necessary),
restart Apache and enjoy a Slowloris-free web server.
DNS Injection
Spam from web forms is not only prevalent, it's a fast-track
method of getting your domain blacklisted by the likes of Spamhaus. To prevent
DNS Injection attacks, which are attacks that can inject fake DNS names into your
server's cache, you need to add another module to Apache.
Follow these steps.
1. Open a terminal window.
2. Issue the command sudo apt-get -y install
3. After the installation completes, issue the command sudo touch /etc/spamhaus.wl.
4. With the module installed, open the
/etc/apache2/apache2.conf file (using sudo and your favorite text editor) and
append the following to the bottom of your configuration file:
MS_WhiteList /etc/spamhaus.wl
MS_CacheSize 256
5. Save the apache2.conf file and restart Apache so the new
module will take effect.
Your Apache web server is now better protected from
popular attacks, each of which could take down your server or network.
But even with these modules working for you, it's always best to keep a
close on your Apache log files (which you should find in
With a diligent eye to preventing attacks and a
proactive stance on watching the logs, Apache should serve you well for
a very long time.
Post a Comment
Appreciate your concern ...