
Saturday, 8 October 2011

How To Defend Against Slowloris DoS With mod_qos for Apache 2.2 on CentOS 5

Prepare your server to build mod_qos (apxs compiles the module with gcc, so the compiler and the httpd/apr headers must be present):


# yum install gcc openssl-devel pcre-devel httpd-devel

Download and unpack mod_qos (version 9.71 at the time of writing):
# cd  ~root
# wget "http://downloads.sourceforge.net/project/mod-qos/mod_qos-9.71.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fmod-qos%2Ffiles%2F&ts=1318107337&use_mirror=iweb"
# tar xvfz mod_qos-9.71.tar.gz
# cd mod_qos-9.71/apache2/
Compile and install the module with apxs (the output below is from a 32-bit CentOS 5 host; the unused-variable warning is harmless):

# apxs -i -c mod_qos.c
/usr/lib/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fno-strict-aliasing  -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -pthread -I/usr/include/httpd  -I/usr/include/apr-1   -I/usr/include/apr-1   -c -o mod_qos.lo mod_qos.c && touch mod_qos.slo
mod_qos.c:673: warning: 'm_worker_mpm' defined but not used

/usr/lib/apr-1/build/libtool --silent --mode=link gcc -o mod_qos.la  -rpath /usr/lib/httpd/modules -module -avoid-version    mod_qos.lo
/usr/lib/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib/apr-1/build/libtool' mod_qos.la /usr/lib/httpd/modules
/usr/lib/apr-1/build/libtool --mode=install cp mod_qos.la /usr/lib/httpd/modules/
cp .libs/mod_qos.so /usr/lib/httpd/modules/mod_qos.so
cp .libs/mod_qos.lai /usr/lib/httpd/modules/mod_qos.la
cp .libs/mod_qos.a /usr/lib/httpd/modules/mod_qos.a
chmod 644 /usr/lib/httpd/modules/mod_qos.a
ranlib /usr/lib/httpd/modules/mod_qos.a
PATH="$PATH:/sbin" ldconfig -n /usr/lib/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/lib/httpd/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib/httpd/modules/mod_qos.so
-bash-3.2#

Open your httpd.conf and add the LoadModule line next to the existing LoadModule entries:
# vi /etc/httpd/conf/httpd.conf

LoadModule qos_module /usr/lib/httpd/modules/mod_qos.so

Create the module configuration (the stock CentOS httpd.conf includes conf.d/*.conf, so a separate file is enough):
# vi /etc/httpd/conf.d/qos.conf

Paste these:
## QoS Settings
<IfModule mod_qos.c>
    # track connection state for up to 100000 different client IPs
    QS_ClientEntries 100000
    # allow at most 50 concurrent connections per client IP
    QS_SrvMaxConnPerIP 50
    # MaxClients is an MPM directive, not a mod_qos one; it is set here so the
    # percentage and data-rate rules below are relative to a known value.
    # conf.d is read after the prefork section of httpd.conf, so this value
    # overrides the one there; keep the two consistent.
    MaxClients              256
    # disable keep-alive once 70% of MaxClients (180 connections) are in use,
    # so idle keep-alive connections stop holding slots during an attack
    # (if configtest rejects the percentage form on your build, use 180)
    QS_SrvMaxConnClose      70%
    # minimum request/response rate in bytes per second: a client must move at
    # least 150 bytes/s, and the required rate rises towards 1200 bytes/s as
    # the server approaches MaxClients. This is what disconnects slowloris
    # clients that hold a connection open with a request they never complete.
    # It also cuts off genuinely slow legitimate clients, so watch error_log
    # after enabling it.
    QS_SrvMinDataRate       150 1200
    # optionally cap the number of request header fields (a core directive)
    # and the request body size; careful, the body limit applies to uploads
    # and POST requests too
    # LimitRequestFields      30
    # QS_LimitRequestBody     102400
</IfModule>


Check the configuration before restarting, then restart Apache:
# apachectl configtest
# service httpd stop
# service httpd start

Confirm the module is loaded:
# httpd -M | grep qos

Check the status: http://your-domain/server-status (this needs mod_status and the <Location /server-status> block in httpd.conf enabled, and it should be restricted to trusted addresses because it exposes the live connection table).


More detail: http://opensource.adnovum.ch/mod_qos
