Defending Apache on FreeBSD from Slowloris Denial of Service Attack (DoS) with mod_antiloris

Monday, 3rd May 2010

Here is a quick way to defend FreeBSD 7.2-RELEASE-p4 system from the Recent Apache Slowloris Denial of Service.

1. Install the mod_antiloris freebsd Port

freebsd# cd /usr/ports/www/mod_antiloris
freebsd# make install clean

2. Edit your /usr/local/etc/httpd.conf

Find the following line in your bsd httpd.conf:

#LoadModule antiloris_module libexec/apache2/mod_antiloris.so

As you can see the LoadModule line loading the mod_antiloris slowloris Denial of Service prevention is commented,so you will have to uncomment it to read as:

freebsd# vim /usr/local/etc/httpd.conf
LoadModule antiloris_module libexec/apache2/mod_antiloris.so

Next we restart the Apache Webserver in order to load the newly enabled module mod_antiloris in Apache.
However before the Apache restart, we check Apache configurations are fine to be sure Apache will re-launch,after restart.

freebsd# /usr/local/etc/rc.d/apache2 configtest
Performing sanity check on apache2 configuration:
Syntax OK

Now as we have assured ourselves Apache httpd.conf syntax is fine we restart the Webserver.
freebsd# /usr/local/etc/rc.d/apache2 restart
Syntax OK
Stopping apache2.
Waiting for PIDS: 60920.
Performing sanity check on apache2 configuration:
Syntax OK
Starting apache2.

Of course all the above simplified install example assumes your port tree is uptodate.
I did the install on my FreeBSD box:
FreeBSD pcfreak 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Fri Oct 2 12:21:39 UTC 2009 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386

If your ports tree is update the upper install mod_antiloris FreeBSD install guide will be all you need.
Yet if your port tree is not update you might consider updating your port tree before you proceed.

You might like to use my FreeBSD 7.2 stable supfile downloadable from here

To update simply using the my FreeBSD 7.2 supfile then issue the followingcommands:

freebsd# cd /etc/
freebsd# fetch https://www.pc-freak.net/files/stable-supfile-7.2
freebsd# csup -g -L 2 /etc/stable-supfile-7.2

There as you should have the latest stable port tree for FreeBSD 7.2, then just continue step by step from as explained in Step 1. hereinbefore.
I’m convinced the installation on FreeBSD 7, 7.x and FreeBSD 8 and 8.x will be analogous.
So I hope this small article will be helpful to somebody of the FreeBSD novice crowd out there.

If you want to be absolutely sure The Apache is Secured against the Slowloris attack on your FreeBSD box, download the slowloris denial of service attack tool andissue Attack against your Apache Web Server.

perl slowloris.pl -dns yourdomainname.com -port 80 -timeout 1 -num 300 -cache

That’s all folks!

Share this on:

Download PDFDownload PDF

Tags:

3 Responses to “Defending Apache on FreeBSD from Slowloris Denial of Service Attack (DoS) with mod_antiloris”

  1. Eugenio Posey says:
    Internet Explorer 5.5 Internet Explorer 5.5 Windows 2000 Windows 2000
    Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

    Super great article. Honestly!

    View CommentView Comment
  2. hackerzy says:
    Internet Explorer 6.0 Internet Explorer 6.0 Windows 2000 Windows 2000
    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)

    any one helps me how to recover my hacked password on my blog? a guy cracked my FB pass and got into my account …help please !

    View CommentView Comment

Leave a Reply

CommentLuv badge