Mod_Evasive Directives and explaination of each one
| DOSHashTableSize | specifies the size of hash table |
| DOSPageCount | sets the limit for the number of requests for the same page (or URI) |
| DOSSiteCount | sets the limit for the total number of requests for any object by the same client on the same listener |
| DOSPageInterval | sets the interval for the page count threshold |
| DOSSiteInterval | sets the interval for the site count threshold |
| DOSBlockingPeriod | sets the time that a client will be blocked for if they are added to the blocking list |
| DOSSystemCommand | pecifies the system command to be executed whenever an IP address becomes blacklisted |
| DOSCloseSocket | closes network connection socket if the directive state is On |
DOSHashTableSize
DOSHashTableSize directive defines the hash table size, i.e. the number of top-level nodes for each child’s hash table. Increasing this number will provide faster performance by decreasing the number of iterations required to get to the record, but will consume more memory for table space. It is advisable to increase this parameter on heavy load web servers.
Syntax
DOSHashTableSize 1024|value
Example
#increase size of hash table for large servers
DOSHashTableSize 2048
DOSPageCount
DOSPageCount directive sets the threshold for the number of requests for the same page (or URI) per page interval. Once the threshold for that interval has been exceeded, the client IP address is added to the blocking list.
Syntax
DOSPageCount value
Example
DOSPageCount 10
DOSSiteCount
DOSSiteCount directive sets the threshold for the total number of requests for any object by the same client on the same listener per site interval. Once the threshold for that interval has been exceeded, the client IP address is added to the blocking list.
Syntax
DOSSiteCount value
Example
DOSSiteCount 150
DOSPageInterval
DOSPageInterval directive sets the interval for the page count threshold. The interval is specified in seconds and may be a real number.
Syntax
DOSPageInterval value
Example
DOSPageInterval 1.5
DOSSiteInterval
DOSSiteInterval directive sets the interval for the site count threshold. The interval is specified in seconds and may be a real number.
Syntax
DOSSiteInterval value
Example
DOSSiteInterval 1.5
DOSBlockingPeriod
DOSBlockingPeriod directive sets the amount of time that a client will be blocked for if they are added to the blocking list. During this time, all subsequent requests from the client will result in 403 (Forbidden) response and the timer will be reset (e.g. for another 10 seconds). Since the timer is reset for every subsequent request, it is not necessary to have a long blocking period; in the event of a DoS attack, this timer will keep getting reset.
The interval is specified in seconds and may be a real number.
Syntax
DOSBlockingPeriod value
Example
DOSBlockingPeriod 10.7
DOSSystemCommand
DOSSystemCommand directive specifies the system command to be executed whenever an IP address becomes blacklisted.
Syntax
DOSSystemCommand value
Example
DOSSystemCommand “cscript addFirewallRuleByIP.vbs IP=%s”
DOSCloseSocket
DOSCloseSocket directive instructs mod_evasive to send 403 code and close connection socket. It means an attacker will have to create new connection and it’s pretty good for you as it takes some time.
Syntax
DOSCloseSocket On|Off
Example
DOSCloseSocket On
Related posts:
Share This Post
4 Comments
Jan 27, 201211:51 am
UvT0b3 tnngeirbmrku
Jan 29, 201211:06 am
fgjCCU xiflhxmnzhor
« preventing dos attacks with mod_evasive Next Post
Microsoft Dot Net FrameWork Version 4.0 release »
Blog RSS Feed
Subscribe via E-mail
12:23 am
This is both street smart and inetlielgnt.