I’m gonna do a fast walk through on installing and enabling mod_qos on Debian, original article is available in Bulgarian on mpetrov’s blog .
So let’s go…
1. Install required development files and tools to be able to proper compile:
debian-server# apt-get install apache2-threaded-dev gcc
2. Download the mod_qos latest archive from sourceforge
debian-server# cd /usr/local/srcdebian-server# wget http://freefr.dl.sourceforge.net/project/mod-qos/mod-qos/9.7/mod_qos-9.8.tar.gz
3. Unarchive (Untar) the mod_qos archive and compile the module
debian-server# tar zxvf mod_qos-9.8.tar.gz
debian-server# cd mod_qos-9.8/apache2/
debian-server# apxs2 -i -c mod_qos.c
You can see from the compile output module is installed to; usr/lib/apache2/modules
4. Now let us create mod_qos configuration files
debian-server# cd /etc/apache2/mods-available/
debian-server# echo "LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so" > qos.load
debian-server# vim /etc/apache2/mods-available/qos.conf
## QoS module Settings
<IfModule mod_qos.c>
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server,
# ie. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (carefull, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
</IfModule>
5. All left is to load the mod_qos module into Apache and restart the webserver
debian-server# a2enmod qos
debian-server# /etc/init.d/apache2 restart
Congratulations, Now slowloris and many other Apache DoS techniques won’t bother you anymore!
More helpful Articles
Tags: Debian, Install, lenny, protect, Quick, slowloris
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 (.NET CLR 3.5.30729)
Hi, I’ve installed the mod_qos but on the Apache logs I’ve this:
*** glibc detected *** /usr/sbin/apache2: double free or corruption (!prev): 0x00000000023e53c0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f97958939a8]
/lib/libc.so.6(cfree+0x76)[0x7f9795895ab6]
/usr/lib/libapr-1.so.0(apr_allocator_destroy+0x45)[0x7f9795daa7cb]
/usr/lib/libapr-1.so.0(apr_pool_destroy+0x11a)[0x7f9795dab460]
/usr/sbin/apache2[0x44d99e]
/usr/sbin/apache2[0x44e0cb]
/lib/libpthread.so.0[0x7f9795b81a80]
/lib/libpthread.so.0(accept+0x4b)[0x7f9795b80a5b]
/usr/lib/libapr-1.so.0(apr_socket_accept+0x91)[0x7f9795db18e7]
/usr/sbin/apache2(unixd_accept+0x1d)[0x44efad]
/usr/sbin/apache2[0x44dd64]
/usr/sbin/apache2[0x44e064]
/usr/sbin/apache2(ap_mpm_run+0xbd6)[0x44eca6]
/usr/sbin/apache2(main+0x965)[0x425be5]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f979583e1a6]
/usr/sbin/apache2(apr_global_mutex_lock+0x41)[0x424e09]
Have I done something wrong????
Thanks…
View CommentView CommentOpera/9.80 (X11; Linux x86_64; U; en) Presto/2.6.30 Version/10.63
Hi I think, it might be that the mod_qos is incompatible with this version of glibc you’re running.
My experience with mod_qos wasn’t great so I would advise you to check out mod_antiloris. I’ve blogged about how to add the mod_antiloris to Debian Lenny on the link below:
https://www.pc-freak.net/blog/protecting-debian-lenny-against-slowloris-denial-of-service-attack-with-mod_antiloris/
Hope that helps
View CommentView Comment