
Complete guide to installing the DDoS-prevention module extension on apache2.4.4 (or httpd2.4.4)

2013-07-20 19:55

The main thing is to first understand the configuration file; the directives are explained in the comments below:

========================================================================

DOSHashTableSize 3097          # size of the hash table
DOSPageCount 5                 # number of hits the same client may make on the same page within the page interval; beyond that a 403 is returned
DOSSiteCount 80                # number of concurrent connections the same client may make across the site within the site interval, here 80; beyond that a 403 is returned. Choose this according to the site's needs: an FTP download site or an image-hosting site may need a larger value
DOSPageInterval 2              # interval (seconds) over which hits on the same page are counted
DOSSiteInterval 2              # interval (seconds) over which hits on the whole site are counted
DOSBlockingPeriod 600          # a blocked client stays blocked for 600 seconds
DOSLogDir "/var/log/mod_evasive"   # where the log files are written
#DOSWhitelist 127.0.0.1
#DOSWhitelist 192.168.0.*      # whitelist: these IPs are exempt from the limits above

[root@102 ~]# touch /var/log/mod_evasive    (that is all that is needed here)

The actual procedure was as follows:

# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar zxvf mod_evasive_1.10.1.tar.gz
# cd mod_evasive

vim mod_evasive20.c (change the log directory before installing: this module cannot have its log directory changed through the configuration, so set the real value before compiling)

/*
#define DEFAULT_HASH_TBL_SIZE 3097ul // Default hash table size
#define DEFAULT_PAGE_COUNT 2 // Default maximum page hit count per interval
#define DEFAULT_SITE_COUNT 50 // Default maximum site hit count per interval
#define DEFAULT_PAGE_INTERVAL 1 // Default 1 Second page interval
#define DEFAULT_SITE_INTERVAL 1 // Default 1 Second site interval
#define DEFAULT_BLOCKING_PERIOD 10 // Default for Detected IPs; blocked for 10 seconds
#define DEFAULT_LOG_DIR "/tmp" // Default temp directory
*/

#define DEFAULT_HASH_TBL_SIZE 6195ul // Default hash table size
#define DEFAULT_PAGE_COUNT 2 // Default maximum page hit count per interval
#define DEFAULT_SITE_COUNT 50 // Default maximum site hit count per interval
#define DEFAULT_PAGE_INTERVAL 1 // Default 1 Second page interval
#define DEFAULT_SITE_INTERVAL 1 // Default 1 Second site interval
#define DEFAULT_BLOCKING_PERIOD 500 // Default for Detected IPs; blocked for 500 seconds
#define DEFAULT_LOG_DIR "/usr/local/apache2/logs" // Default log directory

Run the install with the path of your actual Apache installation, either /usr/local/apache2/bin/apxs -i -c mod_evasive20.c or /usr/local/apache2/bin/apxs -i -a -c ./mod_evasive20.c

I used the latter:

/usr/local/apache2/bin/apxs -i -a -c ./mod_evasive20.c

Unfortunately it failed with the following errors:

./mod_evasive20.c: In function 'access_checker':
./mod_evasive20.c:142: error: 'conn_rec' has no member named 'remote_ip'
./mod_evasive20.c:146: error: 'conn_rec' has no member named 'remote_ip'
./mod_evasive20.c:158: error: 'conn_rec' has no member named 'remote_ip'
./mod_evasive20.c:165: error: 'conn_rec' has no member named 'remote_ip'
./mod_evasive20.c:180: error: 'conn_rec' has no member named 'remote_ip'
./mod_evasive20.c:187: error: 'conn_rec' has no member named 'remote_ip'
./mod_evasive20.c:208: error: 'conn_rec' has no member named 'remote_ip'
./mod_evasive20.c:212: warning: implicit declaration of function 'getpid'
./mod_evasive20.c:215: error: 'conn_rec' has no member named 'remote_ip'
./mod_evasive20.c:221: error: 'conn_rec' has no member named 'remote_ip'
./mod_evasive20.c:222: error: 'conn_rec' has no member named 'remote_ip'
./mod_evasive20.c:228: error: 'conn_rec' has no member named 'remote_ip'
apxs:Error: Command failed with rc=65536

After a long search on Baidu and Google without finding a fix, I finally changed remote_ip to client_ip on lines 142, 146, 158, 165, 180, 187, 208, 212, 215, 221, 222 and 228 of mod_evasive20.c, saved, and re-ran the install, which worked. (Apache 2.4 renamed the conn_rec member remote_ip to client_ip, which is why the 2.2-era source no longer compiles unchanged.)

The following output shows that the installation succeeded:

Libraries have been installed in:
/usr/local/apache2//modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,-rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/local/apache2//modules/mod_evasive20.so

Note: apxs is the tool used to compile modules. If Apache came from the system's own package, apxs is usually in /usr/sbin; if you compiled and installed Apache (httpd) yourself, give its path explicitly.

After installation, the following is present by default in /usr/local/apache2/conf/httpd.conf:

<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>

vi /usr/local/apache2/conf/httpd.conf

LoadModule evasive20_module modules/mod_evasive20.so

<IfModule mod_evasive20.c>
DOSHashTableSize 6195
DOSSiteCount 50
DOSPageCount 2
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir "/usr/local/apache2/logs"
# whitelist
DOSWhiteList 127.0.0.1
DOSWhiteList 127.0.0.*
</IfModule>

Then restart Apache.

Parameter descriptions:

DOSHashTableSize 3097: size of the hash table.
DOSPageCount 2: number of requests a client may make to the same page within the page interval.
DOSSiteCount 50: maximum concurrent connections allowed per client.
DOSPageInterval 1: interval of the per-page hit counter.
DOSSiteInterval 1: interval of the site-wide hit counter.
DOSBlockingPeriod 10: how long access is refused once a client is blacklisted.
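To make these counting rules concrete, here is an added Python model (not the module's own code) of the per-page and site-wide checks that mod_evasive's access_checker applies, using the directive values from the httpd.conf block above; whitelist matching with fnmatch and the block-refresh timing are my simplifying assumptions.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatch


@dataclass
class Evasive:
    """Per-client hit counting modelled on mod_evasive's access_checker (assumed model)."""
    page_count: int = 2         # DOSPageCount
    site_count: int = 50        # DOSSiteCount
    page_interval: int = 1      # DOSPageInterval (seconds)
    site_interval: int = 1      # DOSSiteInterval (seconds)
    blocking_period: int = 10   # DOSBlockingPeriod (seconds)
    whitelist: tuple = ("127.0.0.1", "127.0.0.*")   # DOSWhiteList entries
    # key -> [hits, last_hit_time]; a bare IP used as key marks a blocked client
    table: dict = field(default_factory=dict)

    def _hit(self, key, now, interval, limit):
        """Record one hit; True if `limit` hits were already seen within `interval`."""
        entry = self.table.get(key)
        if entry is None:
            self.table[key] = [1, now]
            return False
        hits, last = entry
        exceeded = now - last < interval and hits >= limit
        if not exceeded and now - last >= interval:
            hits = 0                      # interval elapsed: start a new window
        entry[0], entry[1] = hits + 1, now
        return exceeded

    def check(self, ip, uri, now):
        """Return 200 or 403 for one request, as the module's access check would."""
        if any(fnmatch(ip, pat) for pat in self.whitelist):
            return 200                    # whitelisted clients are never counted
        block = self.table.get(ip)
        if block is not None and now - block[1] < self.blocking_period:
            block[1] = now                # a hit while blocked extends the block
            return 403
        page_over = self._hit(f"{ip}_{uri}", now, self.page_interval, self.page_count)
        site_over = self._hit(f"{ip}_SITE", now, self.site_interval, self.site_count)
        if page_over or site_over:
            self.table[ip] = [0, now]     # put the client on the block list
            return 403
        return 200


def simulate(requests, **cfg):
    """requests: (time, client_ip, uri) tuples; returns the status for each one."""
    ev = Evasive(**cfg)
    return [ev.check(ip, uri, t) for t, ip, uri in requests]
```

Feeding it three hits on "/" within one second from 192.168.1.101 (constructed traffic shaped like the ab run below) yields 200, 200, 403, and every retry inside the blocking period keeps the client blocked.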

4. Testing and verifying mod_evasive

You can test with Apache's ab tool, or with the test.pl script in the extracted mod_evasive directory.

ab tool: ab -n 1000 -c 50 http://www..bz/
perl: perl test.pl

Below is a simple concurrency simulation using Apache's own benchmarking tool:

/usr/local/apache2/bin/ab -n10000 -c1000 http://2**.25*.**.**/phpinfo123151.php
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking 2**.25*.**.** (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Completed 10000 requests
Finished 10000 requests

Server Software: Apache
Server Hostname: 2**.25*.**.**
Server Port: 80

Document Path: /phpinfo123151.php
Document Length: 219 bytes

Concurrency Level: 1000
Time taken for tests: 3.934 seconds
Complete requests: 10000
Failed requests: 8
(Connect: 0, Receive: 0, Length: 8, Exceptions: 0)
Write errors: 0
Non-2xx responses: 9992
Total transferred: 4273472 bytes
HTML transferred: 2633120 bytes
Requests per second: 2542.04 [#/sec] (mean)
Time per request: 393.385 [ms] (mean)
Time per request: 0.393 [ms] (mean, across all concurrent requests)
Transfer rate: 1060.87 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    9   14.9      3      83
Processing:     2  157  432.0     20    3018
Waiting:        0  151  432.8     14    3018
Total:          4  166  438.8     25    3098

Percentage of the requests served within a certain time (ms)
  50%     25
  66%     31
  75%     35
  80%     39
  90%    446
  95%   1461
  98%   1708
  99%   2382
 100%   3098 (longest request)

Below is the test from another machine:

D:\APMServ5.2.6\Apache\bin>ab.exe -n10000 -c1000 http://http://192.168.1.104/
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licens

D:\APMServ5.2.6\Apache\bin>ab.exe  -n10000 -c1000 http://192.168.1.104/

Then opening http://192.168.1.104/ gave the expected result:

Forbidden
You don't have permission to access / on this server.
Apache/2.0.59 (Unix) PHP/5.2.6 Server at 192.168.1.104 Port 80

While on the server itself:

root@192.168.1.104:~ curl "http://192.168.1.104/"
...
<title>Test Page for Apache Installation</title>
...

it still responds normally, which shows the module has taken effect.

I noticed that the log folder had not appeared, presumably a permissions problem, so:

chmod -R 777 /usr/local/apache2/logs/

Then:

tail -f /usr/local/apache/logs/error_log shows the following in the log:

[Mon Jan 10 13:16:45 2011] [error] [client 192.168.1.94] client denied by server configuration: /usr/local/apache/htdocs/logo.png

root@192.168.1.104:~ /usr/local/apache2/logs # ls
dos-192.168.1.101

Local test:

root@192.168.1.104:~/usr/local/apache2/bin # ./ab -n10000 -c1000 http://192.168.1.104/

Then check the page again:

root@192.168.1.104:~/usr/local/apache2/bin # curl "http://192.168.1.104/"

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
<hr>
<address>Apache/2.0.59 (Unix) PHP/5.2.6 Server at 192.168.1.104 Port 80</address>
</body></html>

Looking at the logs: in the server's /usr/local/apache/logs/ directory a file such as dos-192.168.1.94 is created (the name is "dos-" followed by the client IP). Sure enough, it is there:

ls /usr/local/apache/logs/
dos-192.168.1.101 dos-192.168.1.104

One more log file has appeared:

dos-192.168.1.104

Looking again:

tail -f /usr/local/apache2/logs/error_log shows the following [note: the error log is under apache2/logs, in the apache2 tree]:

bogon:/usr/local/apache/logs # tail /usr/local/apache2/logs/error_log
[Tue Aug 23 07:00:26 2011] [error] [client 192.168.1.104] client denied by server configuration: /usr/local/apache2/htdocs/
[Tue Aug 23 07:00:26 2011] [error] [client 192.168.1.104] client denied by server configuration: /usr/local/apache2/htdocs/
...

========================================================================

What follows is from another author; if my notes are unclear, read his. Source:
http://hi.baidu.com/suantop/blog/item/33f392a423bbbbe59152ee01.html

Installing modsecurity (mod_security strengthens Apache's security and is particularly effective against SQL injection):

# tar zxvf modsecurity-apache-1.9.tar.gz
# cd modsecurity-apache-1.9/apache2/
# /apache2/bin/apxs -cia mod_security.c

Open httpd.conf and check whether the line

LoadModule security_module modules/mod_security.so

is present; add it if not. Then add a mod_security configuration section:

<IfModule mod_security.c>
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterDefaultAction "deny,log,status:500"
#SecFilterForceByteRange 32 126
#SecFilterScanPOST On
SecAuditLog logs/audit_log
###
SecFilter "\.\./"
#####
SecFilter /etc/*passwd
SecFilter /bin/*sh
#for css (cross-site scripting) attack
SecFilter "<( |\n)*script"
SecFilter "<(.| )+>"
#for sql attack
SecFilter "delete[ ]+from"
SecFilter "insert[ ]+into"
SecFilter "select.+from"
SecFilter "union[ ]+from"
SecFilter "drop[ ]"
</IfModule>
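As an added illustration (not from either post), the Python below applies the SecFilter patterns from the block above to URL-decoded query strings, the way mod_security 1.x matches after decoding, and shows that two of these loose patterns also fire on ordinary text; treating the filters as case-insensitive regexes is my assumption.

```python
import re
from urllib.parse import unquote_plus

# SecFilter patterns copied from the <IfModule mod_security.c> block above
SEC_FILTERS = [
    r"\.\./", r"/etc/*passwd", r"/bin/*sh",
    r"<( |\n)*script", r"<(.| )+>",
    r"delete[ ]+from", r"insert[ ]+into", r"select.+from",
    r"union[ ]+from", r"drop[ ]",
]
DENY_STATUS = 500   # SecFilterDefaultAction "deny,log,status:500"
# assumption: 1.x filters behave as case-insensitive regular expressions
COMPILED = [re.compile(p, re.IGNORECASE) for p in SEC_FILTERS]


def inspect(query):
    """Check one query string; returns (status, matched_pattern), or (200, None) if clean.
    URL decoding happens before matching, so an encoded ../ is still seen as ../ ."""
    decoded = unquote_plus(query)
    for rx in COMPILED:
        if rx.search(decoded):
            return DENY_STATUS, rx.pattern   # first matching filter wins, as in the module
    return 200, None


# Constructed requests: attack-shaped input and harmless text side by side
SAMPLES = {
    "file=..%2F..%2Fetc%2Fpasswd": "traversal, caught only because we decode first",
    "comment=%3Cb%3Ehi%3C%2Fb%3E": "any HTML tag trips <(.| )+>",
    "q=select+the+best+from+this+list": "plain English trips select.+from",
    "q=drop+off+at+5": "plain English trips drop[ ]",
    "q=hello": "clean",
}
for q, note in SAMPLES.items():
    print(inspect(q), "<-", note)
```

The last three samples show why a blanket "deny,status:500" default action on such broad filters needs the audit log reviewed for false positives before the rules go live.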