Wednesday, 28 August 2013

Mod_Evasive DOS protection configuration options for high traffic website running apache

Mod_Evasive DOS protection configuration options for high traffic website
running apache

I was wondering if anyone here use mod_evasive on a high traffic website?
Lets say 10k unique visitors/Day.
I am using the following settings but im afraid that it can block normal
visitors which I dont want to.
DOSHashTableSize 309700
DOSPageCount 10
DOSSiteCount 150
DOSPageInterval 3
DOSSiteInterval 5
DOSBlockingPeriod 10
Also, any other good programs to ease up the attack DDOS attacks? Beside
Mod_evasive, fail2ban,
DOSHashTableSize
standard "3097" The hash table size defines the number of top-level nodes
for each child's hash table. Increasing this number will provide faster
performance by decreasing the number of iterations required to get to the
record, but consume more memory for table space. You should increase this
if you have a busy web server. The value you specify will automatically be
tiered up to the next prime number in the primes list (see mod_evasive.c
for a list of primes used).
DOSPageCount
This is the threshhold for the number of requests for the same page (or
URI) per page interval. Once the threshhold for that interval has been
exceeded, the IP address of the client will be added to the blocking list.
DOSSiteCount
This is the threshhold for the total number of requests for any object by
the same client on the same listener per site interval. Once the
threshhold for that interval has been exceeded, the IP address of the
client will be added to the blocking list.
DOSPageInterval
The interval for the page count threshhold; defaults to 1 second intervals.
DOSSiteInterval
The interval for the site count threshhold; defaults to 1 second intervals.
DOSBlockingPeriod
The blocking period is the amount of time (in seconds) that a client will
be blocked for if they are added to the blocking list. During this time,
all subsequent requests from the client will result in a 403 (Forbidden)
and the timer being reset (e.g. another 10 seconds). Since the timer is
reset for every subsequent request, it is not necessary to have a long
blocking period; in the event of a DoS attack, this timer will keep
getting reset.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)