Overview
In today’s digital age, where web services are integral to business operations, ensuring the availability and security of these services against potential threats has become paramount. One of the most prevalent threats to web service availability is the Denial of Service (DoS) attack, which aims to overwhelm a website with traffic, rendering it inaccessible to legitimate users. To combat this, web administrators must employ robust defense mechanisms. Among the various tools and techniques available, configuring rate limiting on web servers is an effective strategy to mitigate such attacks. Apache, one of the most widely used web servers, offers a module named mod_evasive specifically designed for this purpose.
This blog post aims to provide a comprehensive, step-by-step guide on how to leverage mod_evasive to protect your Apache server from DoS attacks, ensuring that your web services remain available and performant under adversarial conditions.
Introduction
Configuring Apache to handle high traffic and prevent Denial of Service (DoS) attacks is crucial for maintaining the availability and performance of your web services. One effective tool for this purpose is mod_evasive, an Apache module designed to detect and mitigate excessive requests from a single IP address or range of IP addresses. In this blog post, I’ll guide you through installing, configuring, and testing mod_evasive on your Apache server.
Step-by-Step Guide
Step 1: Install mod_evasive
On Debian/Ubuntu Systems:
1. Update your package list:
    sudo apt update
2. Install mod_evasive:
    sudo apt install libapache2-mod-evasive
3. Enable the module (if it’s not automatically enabled):
    sudo a2enmod evasive
On CentOS/RHEL Systems:
1. You may need to add the EPEL repository:
    sudo yum install epel-release
2. Install mod_evasive:
    sudo yum install mod_evasive
Step 2: Configure mod_evasive
1. Locate the mod_evasive configuration file. This will typically be found at /etc/apache2/mods-available/evasive.conf on Debian/Ubuntu or /etc/httpd/conf.d/mod_evasive.conf on CentOS/RHEL.
2. Open the configuration file in your favorite editor (for example, using nano):
    sudo nano /etc/apache2/mods-available/evasive.conf
3. Configure the directives according to your needs. Here are some common settings:
- DOSHashTableSize: The size of the hash table for tracking. A larger size can improve performance by spreading out the data. The default is 2048.
- DOSPageCount: Threshold for the number of requests for the same page (or URI) per second. Crossing this limit could indicate an attack.
- DOSSiteCount: Threshold for the total number of requests for any object by the same client on the same listener per second.
- DOSPageInterval: The interval for the DOSPageCount threshold.
- DOSSiteInterval: The interval for the DOSSiteCount threshold.
- DOSBlockingPeriod: The time (in seconds) that a client will be blocked if they are added to the blacklist.
Example configuration:
    <IfModule mod_evasive20.c>
        DOSHashTableSize 4096
        DOSPageCount 2
        DOSSiteCount 50
        DOSPageInterval 1
        DOSSiteInterval 1
        DOSBlockingPeriod 10
    </IfModule>
4. Save and close the file.
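To see how these thresholds interact before applying them, the following added example (not from the original post and not mod_evasive's own code) replays a constructed request timeline against a simplified model of the counting the directives describe. Assumptions of the model: fixed-window counters, the first request over a limit is the first one refused, and a request made while blocked restarts DOSBlockingPeriod; the function names and sample traffic are hypothetical.

```python
# Simplified model of per-client request counting; not the module's source code.
# Thresholds are the ones from the example configuration on this page.
CONFIG = {"DOSPageCount": 2, "DOSPageInterval": 1, "DOSSiteCount": 50,
          "DOSSiteInterval": 1, "DOSBlockingPeriod": 10}

def _hit(counters, key, now, limit, interval):
    """Record one request; True once the limit is exceeded in the current window."""
    start, count = counters.get(key, (now, 0))
    if now - start >= interval:          # interval elapsed: start a new window
        start, count = now, 0
    counters[key] = (start, count + 1)
    return count + 1 > limit

def simulate(requests, cfg=CONFIG):
    """requests: time-ordered (epoch_seconds, client_ip, uri) tuples.
    Returns the status (200 or 403) each request gets in this model."""
    page, site, blocked_until, statuses = {}, {}, {}, []
    for ts, ip, uri in requests:
        if ts < blocked_until.get(ip, 0):
            # Assumption: a request made while blocked restarts the blocking period.
            blocked_until[ip] = ts + cfg["DOSBlockingPeriod"]
            statuses.append(403)
            continue
        over_page = _hit(page, (ip, uri), ts, cfg["DOSPageCount"], cfg["DOSPageInterval"])
        over_site = _hit(site, ip, ts, cfg["DOSSiteCount"], cfg["DOSSiteInterval"])
        if over_page or over_site:
            blocked_until[ip] = ts + cfg["DOSBlockingPeriod"]
            statuses.append(403)
        else:
            statuses.append(200)
    return statuses

# Constructed sample traffic (documentation addresses, not real logs).
SAMPLE = (
    # A browser loading one page plus five assets in the same second.
    [(100, "192.0.2.10", p) for p in ("/", "/a.css", "/b.js", "/c.png", "/d.png", "/e.png")]
    # A dashboard polling one URI three times in a second, then retrying later.
    + [(100, "192.0.2.20", "/api/status")] * 3
    + [(105, "192.0.2.20", "/api/status"), (112, "192.0.2.20", "/api/status"),
       (130, "192.0.2.20", "/api/status")]
)

def blocked_summary(requests, cfg=CONFIG):
    """Map each client IP to the number of its requests answered with 403."""
    summary = {}
    for (_, ip, _), status in zip(requests, simulate(requests, cfg)):
        summary[ip] = summary.get(ip, 0) + (status == 403)
    return summary

print(blocked_summary(SAMPLE))
```

In this model the browser is never refused, while the client polling a single URI is blocked on its third request and stays blocked through both retries; raising DOSPageCount to 5 clears it.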
Step 3: Restart Apache
To apply the changes, restart Apache:
- On Debian/Ubuntu:
    sudo systemctl restart apache2
- On CentOS/RHEL:
    sudo systemctl restart httpd
Step 4: Testing mod_evasive
To test if mod_evasive is working correctly, you can use a tool like siege or simply script multiple rapid requests to your server:
    for i in {1..100}; do curl http://yourserver.com/; done
If mod_evasive is configured properly, you should receive a 403 Forbidden response after a certain number of requests, indicating that the IP has been temporarily blocked.
Conclusion
With mod_evasive, you have a powerful tool at your disposal to detect and prevent excessive requests, effectively mitigating potential DoS attacks. This guide has walked you through the installation, configuration, and testing of mod_evasive, providing you with the knowledge to enhance your server’s defenses. Remember, the digital landscape is constantly evolving, and so are the tactics of adversaries. Therefore, continuously monitoring your server’s performance and adjusting your security measures accordingly is essential. By following the steps outlined in this guide and adopting a proactive approach to server security, you can ensure that your web services remain resilient against threats, providing a reliable and secure experience for your users.
FAQs
1. What exactly is mod_evasive?
ANS: – Mod_evasive is an essential Apache module crafted to aid web administrators in safeguarding their servers from threats like Denial of Service (DoS), Distributed Denial of Service (DDoS), and brute force attacks. It achieves this by dynamically identifying and blocking the IP addresses of clients that send requests at a pace considered aggressive or potentially harmful.
2. Can you explain the operational mechanism of mod_evasive?
ANS: – The operational core of mod_evasive lies in its ability to vigilantly monitor the flow of incoming requests to an Apache web server. It enforces specific rules designed to cap the number of allowable requests from a single IP address within a predefined timeframe. Should a client surpass these established limits, mod_evasive interprets this behavior as aggressive, leading to a temporary blockade of further requests from the offending IP address.
WRITTEN BY Naman Jain
Naman works as a Research Intern at CloudThat. With a deep passion for Cloud Technology, Naman is committed to staying at the forefront of advancements in the field. Throughout his time at CloudThat, Naman has demonstrated a keen understanding of cloud computing and security, leveraging his knowledge to help clients optimize their cloud infrastructure and protect their data. His expertise in AWS Cloud and security has made him an invaluable team member, and he is constantly learning and refining his skills to stay up to date with the latest trends and technologies.