OS: Sulinux 1.5
Installing DoS attack protection (mod_evasive)
# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
# tar xvzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# /usr/local/apache/bin/apxs -iac mod_evasive20.c
httpd.conf
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 3
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 30
</IfModule>
DoS blocking test
[root@mail mod_evasive]# perl test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
...(omitted)...
# cd /tmp
# ls -al | grep 127.0.0.1
-rw-r--r-- 1 nobody 4294967295 6 3월 13 14:04 dos-127.0.0.1
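Running test.pl as shown above returns HTTP/1.1 403 Forbidden and the connection is blocked.
The file dos-127.0.0.1 is created in /tmp, which means the DoS attack
from 127.0.0.1 was blocked.
As a second method, press refresh in a web browser:
the first request connects, and the second one is refused.
Assigning authorized IP addresses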
DOSWhitelist 127.0.0.1
DOSWhitelist 127.*.*.*
The wildcard (*) can be used up to xxx.*.*.* if necessary.
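
A check that ties the two steps above together, added here as an example (it is not part of the original post or of mod_evasive): it lists the dos-<IP> lock files in a directory and marks which of those addresses are covered by a DOSWhitelist pattern in a given config file. The function names, the address 203.0.113.9 and the demo files are constructed, and matching "*" one octet at a time is an assumption based on the patterns shown on this page.

```shell
#!/bin/sh
# Added example: function names and demo data are constructed for illustration.

# ip_matches IP PATTERN: compare octet by octet; "*" in PATTERN matches any octet
# (assumed reading of patterns such as 127.*.*.*).
ip_matches() {
    ip=$1; pat=$2; old_ifs=$IFS
    set -f; IFS=.                      # split on dots, keep "*" literal
    set -- $ip;  i1=$1 i2=$2 i3=$3 i4=$4 n_ip=$#
    set -- $pat; p1=$1 p2=$2 p3=$3 p4=$4 n_pat=$#
    set +f; IFS=$old_ifs
    [ "$n_ip" -eq 4 ] && [ "$n_pat" -eq 4 ] || return 1
    for pair in "$i1:$p1" "$i2:$p2" "$i3:$p3" "$i4:$p4"; do
        [ "${pair#*:}" = "*" ] || [ "${pair%%:*}" = "${pair#*:}" ] || return 1
    done
    return 0
}

# whitelist_patterns CONF: print the argument of every DOSWhitelist directive.
whitelist_patterns() {
    awk 'tolower($1) == "doswhitelist" { print $2 }' "$1"
}

# audit_blocks LOGDIR CONF: print "<IP> whitelisted" or "<IP> blocked"
# for each dos-<IP> lock file found in LOGDIR.
audit_blocks() {
    logdir=$1; conf=$2
    patterns=$(whitelist_patterns "$conf")
    for f in "$logdir"/dos-*; do
        [ -e "$f" ] || continue        # no lock files at all
        addr=${f##*/dos-}
        status=blocked
        set -f                         # do not glob-expand "*" in patterns
        for p in $patterns; do
            if ip_matches "$addr" "$p"; then status=whitelisted; fi
        done
        set +f
        echo "$addr $status"
    done
}

# Usage: script LOGDIR CONF (for example /tmp and the server's httpd.conf).
# Without arguments it runs on constructed demo data.
if [ "$#" -eq 2 ]; then
    audit_blocks "$1" "$2"
else
    demo=$(mktemp -d)
    : > "$demo/dos-127.0.0.1"; : > "$demo/dos-203.0.113.9"
    printf 'DOSWhitelist 127.*.*.*\n' > "$demo/httpd.conf"
    audit_blocks "$demo" "$demo/httpd.conf"
    rm -rf "$demo"
fi
```

An address reported as whitelisted that still has a lock file is worth a second look: the file was written when a block was triggered, so the whitelist was not in effect at that time.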