在 RHEL6 上使用带有 mod_evasive 配置的 Apache/2.2.15:
DOSHashTableSize 3097
DOSPageCount 14
DOSPageInterval 2
DOSSiteCount 70
DOSSiteInterval 1
DOSBlockingPeriod 60
不幸的是它没有阻止这次攻击,该攻击仅来自 1 个 IP:
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:53 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:53 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:53 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
Mod_evasive 确实有效,但在其他情况下会阻止某些 IP。它对 HEAD 请求不起作用吗?
编辑:我的 apache 正在以 prefork 模式运行。据我所知,mod_evasive 存在问题。
答案1
将变量修改为更低的值,14 确实很高。
DOSPageCount 3
由于攻击来自同一位置,因此您可以禁止该 IP 地址。
sudo iptables -t raw -I PREROUTING -s 207.x.x.x/32 -j DROP
或者您可以安装 mod_security,进行设置并将“一些虚假的用户代理”添加到 bad_robots.data 文件中,它将受到 401 禁止的欢迎。
笔记
DDoS 攻击的目的是消耗带宽和资源。您可以禁止某个 IP 地址,使用 mod_evasive 将其锁定,或使用 401 拒绝其请求。这些方法都无法阻止 DDoS。DDoS 将继续消耗您的所有带宽,同时仍使您的设备处于离线状态。最好的方法是联系您的 ISP,并要求他们将违规 IP 列入黑洞,或联系 DDoS 缓解服务(如 cloudflare)。您所做的其他任何事情都无法阻止 DDoS。
如果您持续遭受 DDoS 攻击,请使用 DDoS 缓解服务。前面提到的方法都无法阻止 DDoS。