Quick way to install mod_qos on Debian Lenny to protect from Slowloris

Thursday, 18th February 2010

I’m gonna do a quick walk-through of installing and enabling mod_qos on Debian; the original article is available in Bulgarian on mpetrov’s blog.
So let’s go…
1. Install the development files and tools required to compile the module:

debian-server# apt-get install apache2-threaded-dev gcc

2. Download the latest mod_qos archive from SourceForge:

debian-server# cd /usr/local/src
debian-server# wget http://freefr.dl.sourceforge.net/project/mod-qos/mod-qos/9.7/mod_qos-9.8.tar.gz

3. Unarchive (Untar) the mod_qos archive and compile the module

debian-server# tar zxvf mod_qos-9.8.tar.gz
debian-server# cd mod_qos-9.8/apache2/
debian-server# apxs2 -i -c mod_qos.c

You can see from the compile output that the module is installed to /usr/lib/apache2/modules

4. Now let us create mod_qos configuration files

debian-server# cd /etc/apache2/mods-available/
debian-server# echo "LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so" > qos.load

debian-server# vim /etc/apache2/mods-available/qos.conf

## QoS module Settings
<IfModule mod_qos.c>
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied (180 of the 256 MaxClients):
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server,
# i.e. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (careful, that limits uploads and POST requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
</IfModule>

5. All that is left is to load the mod_qos module into Apache and restart the web server:

debian-server# a2enmod qos
debian-server# /etc/init.d/apache2 restart

Congratulations! Slowloris and many other Apache DoS techniques won’t bother you anymore.
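
An added example (not from the original article or the mod_qos project): a quick check of which clients currently hold more established connections to port 80 than the QS_SrvMaxConnPerIP limit set in step 4. It assumes Linux `netstat -ant` style input; the function names, the sample addresses and the temporary config file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag clients holding more concurrent connections to the web
# port than QS_SrvMaxConnPerIP allows. Names and sample data are constructed.

# Print the first value of an uncommented directive in an Apache config file
# (directive names are case-insensitive).
qos_value() {  # usage: qos_value DIRECTIVE FILE
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# Read `netstat -ant` style lines on stdin and print "count address" for each
# remote address with more than LIMIT established connections to local PORT.
over_limit() {  # usage: over_limit LIMIT PORT
    awk -v limit="$1" -v port="$2" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($4, l, ":")              # local port is the last field
            if (l[n] != port) next
            ip = $5; sub(/:[0-9]+$/, "", ip)   # drop the remote port
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample: 60 connections from 203.0.113.9 and 3 from 198.51.100.7
# to port 80, plus an SSH session and the listening socket (both ignored).
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address    Foreign Address    State"
    i=0
    while [ "$i" -lt 60 ]; do
        echo "tcp   0   0 192.0.2.10:80   203.0.113.9:$((40000 + i))   ESTABLISHED"
        i=$((i + 1))
    done
    for p in 51000 51001 51002; do
        echo "tcp   0   0 192.0.2.10:80   198.51.100.7:$p   ESTABLISHED"
    done
    echo "tcp   0   0 192.0.2.10:22   203.0.113.9:50022   ESTABLISHED"
    echo "tcp   0   0 0.0.0.0:80      0.0.0.0:*           LISTEN"
}

# Constructed stand-in for /etc/apache2/mods-available/qos.conf.
conf=$(mktemp)
printf '%s\n' '<IfModule mod_qos.c>' 'QS_SrvMaxConnPerIP 50' '</IfModule>' > "$conf"
limit=$(qos_value QS_SrvMaxConnPerIP "$conf")
rm -f "$conf"
sample_netstat | over_limit "$limit" 80
```

On the server itself, feed it live data with `netstat -ant | over_limit 50 80`.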


2 Responses to “Quick way to install mod_qos on Debian Lenny to protect from Slowloris”

  1. Marco says:

    Hi, I’ve installed the mod_qos but on the Apache logs I’ve this:

    *** glibc detected *** /usr/sbin/apache2: double free or corruption (!prev): 0x00000000023e53c0 ***
    ======= Backtrace: =========
    /lib/libc.so.6[0x7f97958939a8]
    /lib/libc.so.6(cfree+0x76)[0x7f9795895ab6]
    /usr/lib/libapr-1.so.0(apr_allocator_destroy+0x45)[0x7f9795daa7cb]
    /usr/lib/libapr-1.so.0(apr_pool_destroy+0x11a)[0x7f9795dab460]
    /usr/sbin/apache2[0x44d99e]
    /usr/sbin/apache2[0x44e0cb]
    /lib/libpthread.so.0[0x7f9795b81a80]
    /lib/libpthread.so.0(accept+0x4b)[0x7f9795b80a5b]
    /usr/lib/libapr-1.so.0(apr_socket_accept+0x91)[0x7f9795db18e7]
    /usr/sbin/apache2(unixd_accept+0x1d)[0x44efad]
    /usr/sbin/apache2[0x44dd64]
    /usr/sbin/apache2[0x44e064]
    /usr/sbin/apache2(ap_mpm_run+0xbd6)[0x44eca6]
    /usr/sbin/apache2(main+0x965)[0x425be5]
    /lib/libc.so.6(__libc_start_main+0xe6)[0x7f979583e1a6]
    /usr/sbin/apache2(apr_global_mutex_lock+0x41)[0x424e09]

    Have I done something wrong????

    Thanks…
