[1.] wget http://www.nuclearelephant.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
[2.] tar zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive_1.10.1
[3.] $APACHE_ROOT/bin/apxs -i -a -c mod_evasive20.c
[4.] vi /etc/httpd/conf/httpd.conf
LoadModule evasive20_module modules/mod_evasive20.so
<IfModule mod_evasive20.c>
DOSHashTableSize 3097 # 記錄黑名單的尺寸
DOSPageCount 2 # 每個頁面被判斷為dos攻擊的讀取次數
DOSSiteCount 50 # 每個站點被判斷為dos攻擊的讀取部件(object)的個數
DOSPageInterval 1 # 讀取頁面間隔秒
DOSSiteInterval 1 # 讀取站點間隔秒
DOSBlockingPeriod 10 # 被封時間間隔秒DOSEmailNotify cross@ssorc.tw # email通知
DOSSystemCommand "su – someuser -c '/sbin/… %s …'" # 運行一個命令
DOSLogDir "/tmp/mod_dosevasive" # log目錄
DOSWhitelist 127.0.0.1
DOSWhitelist 127.0.0.*
</IfModule>
[5.] apachectl restart
[6.] mod_evasive本身附上了 test.pl來測式連線
#!/usr/bin/perl
# test.pl: small script to test mod_dosevasive's effectiveness
use IO::Socket;
use strict;for(0..100) {
my($response);
my($SOCKET) = new IO::Socket::INET( Proto => "tcp",
PeerAddr=> "127.0.0.1:80");
if (! defined $SOCKET) { die $!; }
print $SOCKET "GET /?$_ HTTP/1.0 ";
$response = <$SOCKET>;
print $response;
close($SOCKET);
}
執行 perl test.pl
ref: http://service.jnyzh.cn/data/2005/1228/article_44.htm
ref: http://www.be10.com/vbb3.0.1/showthread.php?p=2949
ref: http://blog.donews.com/zzw45/category/78367.aspx?PageNumber=2
或是連線數限制: http://blog.donews.com/zzw45/archive/2005/11/03/613639.aspx
留言