How to Use the mod_security and mod_evasive Modules to Prevent DoS, DDoS and Brute Force Attacks in Apache Webserver

Statement: Use the mod_security and mod_evasive modules to secure Apache

Environment: Apache webserver

- mod_security:
    - It acts as a firewall for web applications and lets you monitor traffic in real time.
    - It also protects the website or web server from brute force attacks.
    - Install the mod_security module:
        - Install mod_security on Ubuntu/Debian:
            $ sudo apt-get install libapache2-modsecurity
            $ sudo a2enmod mod-security
            $ sudo /etc/init.d/apache2 force-reload
        - Install mod_security on RHEL/CentOS/Fedora:
            # yum install mod_security
            # /etc/init.d/httpd restart
- mod_evasive:
    - It handles DoS attacks.
    - It handles DDoS attacks.
    - It handles brute force attacks.
    - This module detects three kinds of attack:
        - If multiple requests come to the same page a few times per second.
        - If a child process makes more than 50 concurrent requests.
        - If a temporarily blacklisted IP tries to make new requests.

Protect Against DDoS Attacks in Apache Webserver

Statement: The directives below help to mitigate DoS attacks, although such attacks cannot be prevented completely.

Environment: Apache webserver

Solution:

- Set the TimeOut:
    - Its default value is 300 seconds; set it lower, depending on the website's functionality.
    - The server waits this amount of time for an event to complete; after that, the request fails.
- MaxClients:
    - The default value is 256; set it lower to prevent DoS attacks.
    - It sets the maximum number of connections that are served simultaneously.
    - Once the limit is crossed, every new connection is queued.
- KeepAliveTimeout:
    - The default value is 5 seconds.
    - It is the amount of time the server waits for a subsequent request before closing the connection.
- LimitRequestFields: the default value is 100; set it lower to prevent DoS attacks.
- LimitRequestFieldSize: sets a size limit on the HTTP request headers.

Turn off Server Side Includes and CGI Execution in Apache Webserver

Environment: Apache webserver

Solution:

- Steps to turn off server side includes (mod_include) and CGI execution:
- Modify the main configuration file (httpd.conf or apache2.conf).
- The setting can be applied to the root directory or to a specific directory.
- Open the main configuration file and add the line below:

Options -Includes -ExecCGI

- Restart the server. That’s it!
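
An added example, not from the original page: a small Python audit that checks a configuration for the DoS-related directives (TimeOut, MaxClients, LimitRequestFields, LimitRequestFieldSize) and for the Options setting described above. The thresholds are the defaults this page states; the function names and the sample configuration are constructed for illustration, and the parser ignores Include files and per-context scoping.

```python
# Defaults as stated on this page; a value at or above the default counts as untuned.
PAGE_DEFAULTS = {"timeout": 300, "maxclients": 256, "limitrequestfields": 100}
# Named on the page as worth setting, with no default given to compare against.
MUST_BE_SET = ("limitrequestfieldsize",)
# Option names that switch on SSI or CGI; "All" includes both.
RISKY_OPTIONS = {"includes", "execcgi", "all"}

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
# main server settings
Timeout 300
MaxClients 150
KeepAliveTimeout 5
<Directory "/var/www/html">
    Options Indexes +Includes -ExecCGI
</Directory>
"""

def parse(conf_text):
    """Yield (lineno, lowercased directive name, argument string)."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":   # skip blanks, comments, section tags
            continue
        name, *rest = line.split(None, 1)
        yield lineno, name.lower(), rest[0] if rest else ""

def audit(conf_text):
    """Return findings for the directives this page discusses."""
    findings, seen = [], {}
    for lineno, name, args in parse(conf_text):
        seen[name] = args                 # last occurrence wins (contexts ignored)
        if name == "options":
            for opt in args.split():
                # "-X" disables X; a bare or "+"-prefixed name enables it.
                if not opt.startswith("-") and opt.lstrip("+").lower() in RISKY_OPTIONS:
                    findings.append(f"line {lineno}: Options enables {opt.lstrip('+')}")
    for name, default in PAGE_DEFAULTS.items():
        value = seen.get(name)
        if value is None:
            findings.append(f"{name}: not set, default {default} applies")
        elif not value.isdigit() or int(value) >= default:
            findings.append(f"{name}: {value} is not below the default {default}")
    findings += [f"{name}: not set" for name in MUST_BE_SET if name not in seen]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

An empty result means every directive checked here is set below the page's stated default and neither Includes nor ExecCGI is enabled.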