ModSecurity provides protection against common attacks on websites.
To install we should issue:
sudo yum install mod_security mod_security_crs
and then before production we should set 'SecRuleEngine On' to 'SecRuleEngine On'
vi /etc/httpd/conf.d/mod_security.conf
By default events will be logged to:
/var/log/httpd/modsec_audit.log
and rules (from mod_security_crs) can be found in:
/etc/httpd/modsecurity.d/activated_rules
while if you wish to create your own custom rules - these should be placed in:
/etc/httpd/modsecurity.d/local_rules
ModEvasive attempts to help with mitigating DoS/DDoS attacks.
Note: At this time I do not believe the mod_evasive module supports Event driven MPM (mpm_event_module) out of the box. However it should still work in prefork and worker modes.
You can verify which mode you are running it under with:
cat /etc/httpd/conf.modules.d/00-mpm.conf | grep LoadModule
To install we should issue:
sudo yum install mod_evasive
and then at the end of your httpd.conf file define your settings:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify [email protected]
</IfModule>
For changes to take effect we should ensure httpd is reloaded:
sudo service httpd reload
0 comments:
Post a Comment