====== DDOS ======

Mitigate from DDoS with mod_security and mod_evasive

----

===== Install Mod Security Apache Module =====

===== Install Mod Security =====

<code bash>
yum install mod_security
</code>

----

===== Download latest OWASP ruleset =====
 
From the site http://spiderlabs.github.io/owasp-modsecurity-crs/

<code bash>
tar xfz SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb.tar.gz
</code>

----

===== Remove the one that was installed by the binary mod_security package. =====

<code bash>
rm -rf /etc/httpd/modsecurity.d
mv SpiderLabs-owasp-modsecurity-crs-2.2.8-0-g0f07cbb /etc/httpd/modsecurity.d
</code>

----

===== Edit the /etc/httpd/conf.d/mod_security.conf =====


----

===== Install mod_evasive Apache Module =====

Build mod_evasive binary from the source.

<code bash>
yum install gcc make libxml2 libxml2-devel httpd-devel pcre-devel curl-devel
</code>

Install mod_evasive.

<code bash>
cd /usr/src
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
tar xzf mod_evasive_1.10.1.tar.gz
cd mod_evasive
</code>

Now, you need to find where apxs is installed.

<code bash>
rpm -ql httpd-devel |grep apxs
# /usr/sbin/apxs  // Output from the command above
/usr/sbin/apxs -cia mod_evasive20.c
</code>

Libraries have been installed in:
   /usr/lib64/httpd/modules

Add the following block in the /etc/httpd/conf/httpd.conf

<file bash /etc/httpd/conf/httpd.conf>
# mod_evasive
<IfModule mod_evasive20.c>
DOSHashTableSize    3097
DOSPageCount        2 
DOSSiteCount        50
DOSPageInterval     1 
DOSSiteInterval     1
DOSBlockingPeriod   60
# If you wish to receive email notification, modify & uncomment below.
#DOSEmailNotify notify@mydomain.com
</IfModule>
</file>

----

===== Restart Apache =====

<code bash>
service httpd restart
</code>

----

===== References =====

http://www.webtrafficexchange.com/how-mitigate-ddos-modsecurity-and-modevasive-centos-6