Mod_evasive does not block a DoS attack that uses HEAD requests

On RHEL6, using Apache/2.2.15 and mod_evasive with this configuration:

DOSHashTableSize    3097
DOSPageCount        14
DOSPageInterval     2
DOSSiteCount        70
DOSSiteInterval     1
DOSBlockingPeriod   60

Unfortunately, it did not block this attack, which came from just 1 IP:

207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:53 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:53 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:53 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"
207.xxx.xxx.xxx - - [14/Jun/2015:06:06:54 +0400] "HEAD / HTTP/1.1" 200 - "-" "some fake user agent"

Mod_evasive does work; in other cases it blocks some IPs. Does it not apply to HEAD requests?

Edit: my Apache is running in prefork mode. From what I have read, mod_evasive has problems.

Answer 1

Change the variable to a lower value; 14 is really high.

DOSPageCount 3

Since the attack comes from a single source, you can ban that IP address.

sudo iptables -t raw -I PREROUTING -s 207.x.x.x/32 -j DROP

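Or you can install mod_security, configure it, and add "some fake user agent" to the bad_robots.data file; it will then receive a 401 forbidden message.

Note

A DDoS attack is meant to consume bandwidth and resources. You can ban an IP address, lock it out with mod_evasive, or reject its requests with a 401. The DDoS will keep consuming all of your bandwidth and still keep your machine offline. The best approach is to contact your ISP and ask them to block the offending IP, or to contact a DDoS mitigation service such as Cloudflare. Nothing else you do will stop a DDoS.

If you are under persistent DDoS attack, use a DDoS mitigation service. None of the methods mentioned above will stop a DDoS.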
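
Added example, not part of the original question or answer and not mod_evasive's own code: a log check that counts requests per client over the whole access log and reports which addresses reach the question's DOSPageCount/DOSPageInterval or DOSSiteCount/DOSSiteInterval values. It assumes a simple sliding-window count and the log format shown in the question; the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values from the question's configuration.
PAGE_COUNT, PAGE_INTERVAL = 14, 2   # DOSPageCount, DOSPageInterval (seconds)
SITE_COUNT, SITE_INTERVAL = 70, 1   # DOSSiteCount, DOSSiteInterval (seconds)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*"')

def parse(line):
    """Return (ip, uri, epoch_seconds), or None for a line that does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], m["uri"], ts.timestamp()

def _reached(window, now, interval, limit):
    """Record a hit and report whether `limit` hits fall inside `interval`."""
    window.append(now)
    while now - window[0] >= interval:
        window.popleft()
    return len(window) >= limit

def offenders(lines):
    """Map each client IP to the thresholds ("page", "site") it reached."""
    page, site, hits = defaultdict(deque), defaultdict(deque), {}
    # The log in the question is not in strict time order, so sort before counting.
    for ip, uri, now in sorted(filter(None, map(parse, lines)), key=lambda e: e[2]):
        if _reached(page[(ip, uri)], now, PAGE_INTERVAL, PAGE_COUNT):
            hits.setdefault(ip, set()).add("page")
        if _reached(site[ip], now, SITE_INTERVAL, SITE_COUNT):
            hits.setdefault(ip, set()).add("site")
    return hits

# Constructed sample in the question's log format (documentation-range addresses).
_FMT = '{ip} - - [14/Jun/2015:06:06:{s} +0400] "{req} HTTP/1.1" 200 - "-" "ua"'
SAMPLE = ([_FMT.format(ip="203.0.113.7", s=54, req="HEAD /")] * 20
          + [_FMT.format(ip="203.0.113.7", s=53, req="HEAD /")] * 3
          + [_FMT.format(ip="198.51.100.9", s=54, req="GET /a")] * 2)

if __name__ == "__main__":
    for ip, reached in offenders(SAMPLE).items():
        print(ip, sorted(reached))
```

On the constructed sample the HEAD burst reaches the page threshold but not the site threshold, and the second client is not reported.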
