很有名的防止DoS模块 dosevasive |
| 作者:佚名 来源:不详 更新:2006-8-25 21:05:35 错误报告 我要投稿 |
http://freshmeat.net/redir/mod_dosevasive/34138/url_tgz/mod_dosevasive.1.8.tar.gz
Apache DoS Evasive Maneuvers Module [v1.4-Stable]
A module for Apache 1.3 giving Apache the ability to fend off request-based DoS attacks conserving your system resources and bandwidth. This new tool maintains an internal table of IP addresses and URLs and will deny repeated requests for the same URL from the same IP address, blacklisting the address for 10-seconds per extraneous request. This is by no means designed to be a complete solution. In the event of a heavy distributed DoS attack, this module will not fend off attacks consuming all available bandwidth or more resources than are available to send 403's, but is very successful in typical flood attacks or cgi flood attacks.
This tool wasn't designed as an end-all be-all solution, it was designed as a starting point for cutting off extraneous requests (so you don't have a few thousand CGIs running on your server, or a few thousand page sends) and to provide a means of detection. You could easily take this code and have it talk to your firewalls or border routers to shut down the ip addresses that are being blacklisted. If you don't have decentralized content or at the very least a distributed design, you're going to be DoS'd regardless, but this tool can at least make it take more power to do it.
安装方法:
tar zxvf mod_dosevasive.tar.gz
cd dosevasive/
/usr/local/apache/bin/apxs -i -c mod_dosevasive.c
vi /usr/local/apache/conf/httpd.conf
加入
LoadModule dosevasive_module libexec/mod_dosevasive.so
AddModule mod_dosevasive.c
<IfModule mod_dosevasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
重起apache
APACHE v2.0
-----------
1. Extract this archive
2. Run $APACHE_ROOT/bin/apxs -i -a -c mod_dosevasive20.c
3. The module will be built and installed into $APACHE_ROOT/modules, and loaded into your httpd.conf
4. Restart Apache
APACHE v2.0
-----------
<IfModule mod_dosevasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
APACHE v2.0
-----------
LoadModule dosevasive20_module modules/mod_dosevasive20.so
(This line is already added to your configuration by apxs)
|
|
| 文章录入:skyuu 责任编辑:skyuu |
|
| 【字体:小 大】【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】 |
用户登录
