The Apache module that will do the job is called mod_dosevasive. Installation is easy.
- Download from http://www.nuclearelephant.com/projects/dosevasive/
- Extract it
- Compile and install it: apxs2 -i -a -c mod_dosevasive20.c
Configure Apache2
Edit your httpd.conf (usually located in /usr/local/apache/conf/httpd.conf):
DOSSystemCommand "/dir/command %s"
Then you can restart Apache:
- /etc/init.d/apache2 restart
Be careful, because the option values are extremely important. For example, if your web application uses one file as a controller, all the requests go to that file and you will very often get errors such as:
client denied by server configuration
Here is a short help on the configuration options:
- DOSHashTableSize: is the size of the hash table that holds the combined URL and IP entries
- DOSPageCount: is the number of same page requests from the same IP during an interval that will cause that IP to be added to the block list.
- DOSSiteCount: is the number of pages requested of a site by the same IP during an interval which will cause the IP to be added to the block list.
- DOSPageInterval: is the interval after which the hash table for IPs and URLs is erased (in seconds)
- DOSSiteInterval: is the interval after which the hash table of IPs is erased (in seconds)
- DOSBlockingPeriod: is the time the IP is blocked (in seconds)
- DOSEmailNotify: can be used to send a notification email every time an IP is blocked
- DOSSystemCommand: is the system command executed when an IP is blocked. It can be used to block the user at a firewall or router.
- DOSWhiteList: can be used to whitelist IPs such as 127.0.0.1
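
Why a single-controller application trips the module so easily, shown as an added example (not code from mod_dosevasive or from the original page): a simplified Python model of the per-page and per-site counters as the option list above describes them. The function name, the sample traffic, the threshold values and the rule that an IP is blocked once a counter exceeds its limit are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed sample traffic: one page view that fires six requests in 0.5 s.
# Front-controller app: every request is routed through /index.php.
FRONT_CONTROLLER = [(i / 10, "203.0.113.7", "/index.php") for i in range(6)]
# Multi-file app: the same six requests spread over six scripts.
MULTI_FILE = [(i / 10, "203.0.113.7", f"/page{i}.php") for i in range(6)]


def first_block(requests, page_count, page_interval, site_count, site_interval):
    """Return (timestamp, option) for the first request that gets the IP
    blocked, or None if the traffic stays under both thresholds.

    requests: (timestamp_seconds, ip, path) tuples in time order.
    Assumption: an IP is blocked once a counter exceeds its limit.
    """
    page_hits = defaultdict(lambda: [None, 0])  # (ip, path) -> [window start, hits]
    site_hits = defaultdict(lambda: [None, 0])  # ip -> [window start, hits]
    for ts, ip, path in requests:
        checks = (
            (page_hits[(ip, path)], page_count, page_interval, "DOSPageCount"),
            (site_hits[ip], site_count, site_interval, "DOSSiteCount"),
        )
        for entry, limit, interval, option in checks:
            if entry[0] is None or ts - entry[0] >= interval:
                entry[0], entry[1] = ts, 0  # interval elapsed: counter erased
            entry[1] += 1
            if entry[1] > limit:
                return ts, option
    return None


if __name__ == "__main__":
    strict = dict(page_count=5, page_interval=1, site_count=50, site_interval=1)
    print(first_block(FRONT_CONTROLLER, **strict))  # blocked by the page counter
    print(first_block(MULTI_FILE, **strict))        # same load, no block
    relaxed = dict(strict, page_count=20)           # tuned for a front controller
    print(first_block(FRONT_CONTROLLER, **relaxed))
```

With a front controller the page counter behaves like a second, much stricter site counter, so DOSPageCount has to be sized for a whole page view rather than for one URL.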