Configure Mod Evasive
The goal of this lab is to configure the mod_evasive module for the Apache Web Server. First, we install and load mod_evasive. Its installation includes a default configuration file with values we can modify. One thing to configure is how many times a person can reload our site until they are denied. The conditions of the lab include the following.
- firewalld is already running.
- SSH listens on port 61613, which we use to connect to the server.
- Apache is running on port 80.
- Port 80 is already open.
- SELinux is in enforcing mode.
- The front end and back end are both up and running.
- The back end is running on port 65535.
Configure Mod Evasive
Web servers are subject to DoS and DDoS attacks. If the attackers have sufficient bandwidth, there is sometimes little or nothing we can do to stop them. Most of the time, though, we can put countermeasures in place proactively to limit DoS attacks, DDoS attacks, and web scraping. For this purpose, we install and load mod_evasive. It can limit how many times the site can be accessed within a predefined time interval, how many times a specific URI can be accessed within a given time interval, and much more.
Connecting to the Lab
Begin by logging in to the lab server using the credentials provided on the hands-on lab page.
ssh cloud_user@PUBLIC_IP_ADDRESS -p 61613
Install the mod_evasive package.
sudo yum install mod_evasive
Inform Apache of the New Module
Open the configuration file.
sudo vim /etc/httpd/conf/httpd.conf
Run a search for "conf.d".
Verify the configuration file has the following line.
If any changes were made, save the file. Then exit the editor.
Verify the existence of the
sudo vim mod_evasive.conf
Find the entry for DOSSiteCount and reduce its value to 40.
Save the changes and exit the editor.
Test the Configuration
Open a browser and navigate to the public IP address of the server. The full address should be PUBLIC_IP/index.html
Reload the page multiple times. Verify the page still loads.
Return to the console and apply the new configuration by restarting Apache.
sudo systemctl restart httpd
Navigate back to the website and continue reloading the page until access is denied.
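The same check can be run from the console instead of a browser. The script below is an added example, not part of the original lab: it reads the active DOSSiteCount from a config file and tallies the HTTP status codes returned by a series of requests, relying on the fact that mod_evasive answers blocked requests with 403 Forbidden. The function names and the TARGET_URL, CONF and REQUESTS variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the lab's DOSSiteCount change from the console.

# Print the active value of a directive in an Apache config file.
# Commented-out lines are skipped; the last active occurrence is reported.
directive_value() {
    awk -v want="$1" '
        tolower($1) == tolower(want) { val = $2 }
        END { if (val != "") print val }
    ' "$2"
}

# Send COUNT sequential GET requests; print one HTTP status code per line.
probe() {
    i=0
    while [ "$i" -lt "$2" ]; do
        curl -s -o /dev/null -w '%{http_code}\n' "$1"
        i=$((i + 1))
    done
}

# Tally status codes from stdin. 403 is what mod_evasive returns when it blocks.
summarize() {
    awk '
        NF == 0   { next }
                  { n++ }
        $1 == 403 { denied++; if (!first) first = n; next }
        $1 == 200 { ok++; next }
                  { other++ }
        END { printf "ok=%d denied=%d other=%d first_denied=%d\n",
                     ok, denied, other, first }
    '
}

if [ -n "${TARGET_URL:-}" ]; then
    # Real run: TARGET_URL and CONF are supplied by the operator (assumed names).
    [ -n "${CONF:-}" ] && echo "DOSSiteCount=$(directive_value DOSSiteCount "$CONF")"
    probe "$TARGET_URL" "${REQUESTS:-60}" | summarize
else
    # Offline demo on constructed status codes (not captured from a real server).
    printf '%s\n' 200 200 200 403 403 | summarize
fi
```

Requests to a single URI also count against the per-URI limit (DOSPageCount), so the first 403 can appear well before 40 requests. A first_denied value of 0 means no request was blocked.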
Congratulations, you've completed this hands-on lab!