Source: How to install mod_evasive in cPanel server? | CryBit
Mod evasive is an Apache module which provide evasive action in case of any Denial Of Service attack or in case of any brute-force attack. It helps to protect the server from DOS or DDOS attacks. Mod evasive prevents any single IP address from any of the following:
原文(source): Installing mod_evasive on a cPanel server - Tech Notes
This guide will show you how to correctly install a module not available in EasyApache. Most guides do not show you how to correctly install the module so that it’s present when EasyApache restarts Apache. The trick is in using /scripts/after_apache_make_install to build the module, otherwise it won’t be present in the new apache module’s directory. The first step is going to get the module currently installed and working on the system:
原文(source): Using Nginx module to fight against DDoS attacks - Infosecurity
Many people have faced the DDoS attacks and HTTP flooding. No, this is not just another tutorial on setting up nginx, but I would like to introduce my module that works as a quick filter between the bots and backend during L7 DDoS attacks, as well it allows filtering the garbage requests.
原文(source): Nginx Reverse Proxy HTTP Flood - Hosting Security and Technology - Web Hosting Talk
Request limit module -- http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
Combined with the above and the information from this guide http://umumble.com/blogs/Infosecurity/using-nginx-module-to-fight-against-ddos-attacks/
Including Varnish would be a great way to stop HTTP Based Floods. how ever such setup is not perfect and could require adjustments depending on the flood type. How ever voxility deploy a similar solution to the one above and utilize it as part of their DDoS Protection Service.
原文(source): Web Hosting Talk - View Single Post - FEATURED wp-login.php issue
You should be able to install Varnish to help limit wp-login.php access.
You should be able to configure default.vlc to not cache website and pass requests.
Varnish is capable of having modules, called Vmods.
The Throttle Vmod can throttle requests to files, ie Wordpress login, Drupal login, Joomla and other CMS's.
Here are the Links.
https://www.varnish-cache.org/vmod/throttle
https://github.com/nand2/libvmod-throttle
If requests are hitting Varnish, Apache load will drop significantly.
It beats having to ask all your customers to apply .htaccess ip login. Plus it prevent, "My IP changed and can't login" tickets.
Just an idea.
原文(source): 以 mod_evasive 阻擋 D.o.S 攻擊 - OpenFoundry
mod_evasive 是 apache 的 3rd party 模組,apache 官方並未提供相關的模組。mod_evasive 主要的防治原理是利用一個 HASH TABLE 的資料結構來儲存相的 HTTP 要求 (Request),而後利用下列規則來決定是否要拒絕對方的連線。
*在一定的時間區間內,同一個來源的 IP 是否存取同一個頁面是否超過所設定的次數。(如設定同一個 IP 在同一個頁面中,5 秒內僅能存取 10 次,超過此次數時會拒絕該來源 IP 的連線)
*在一定的時間區間內,限制同一個來源的 IP 最大的 HTTP 存取數量。