DOSHashTableSize 3097
DOSPageCount 3
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 30
DOSEmailNotify test@test.com
DOSLogDir "/usr/local/apache2/logs/mod_evasive.log"
DOSSystemCommand "iptables -I INPUT -s %s -j DROP"
DOSWhitelist 127.0.0.1
</IfModule>
¸ðµâ¼³Á¤
¸ðµâ¼³Á¤¿¡ ´ëÇÑ ÀÚ·á´Â http://guni.loveyust.net/136 ¿¡¼ ÂüÁ¶ÇÏ¿´½À´Ï´Ù. ´Ù¸¸, DOSSystemCommand ¸¦ IPTABLES·Î Â÷´ÜÇϵµ·Ï ¸í·É¾î¸¦ º¯°æÇß½À´Ï´Ù. ÂüÁ¶Çϼ¼¿ä.
- DOSHashTableSize
°¢ ÀÚ½Ä Çؽ¬Å×ÀÌºí ¸¶´Ù ž·¹º§ ³ëµåÀÇ ¼ö¸¦ ÁöÁ¤ÇÑ´Ù.
¼öÄ¡°¡ ³ôÀ¸¸é ³ôÀ»¼ö·Ï ´õ ¸¹Àº ÆÛÆ÷¸Õ½º°¡ ³ªÅ¸³ªÁö¸¸ Å×ÀÌºí½ºÆäÀ̽º¿¡ ¸Þ¸ð¸®¸¦ ³²±â°Ô µÈ´Ù,
Á¢¼Ó·®ÀÌ ¸¹À¸¸é ÀÌ ¼öÄ¡¸¦ ³ôÇôµµ µÈ´Ù.
- DOSPageCount
ÀÌ°ÍÀº °°Àº ÆäÀÌÁö ¶Ç´Â URI, ÀÎÅ͹ú´ç ¿äû¼ö¿¡ ´ëÇÑ Ä«¿îÆ® ¼öÀÌ´Ù.
ÁöÁ¤µÈ °ªÀÌ ÃÊ°úµÇ¸é Ŭ¶óÀ̾ðÆ®¿¡ ´ëÇÑ IP Á¤º¸°¡ ºí·¯Å·¸®½ºÆ®¿¡ Ãß°¡µÈ´Ù.
- DOSSiteCount
ÁöÁ¤µÈ ½Ã°£µ¿¾È °°Àº ÆäÀÌÁö¸¦ ÁöÁ¤µÈ ¼ö º¸´Ù ÃÊ°úµÉ°æ¿ì IP Á¤º¸°¡ ºí·¯Å·¸®½ºÆ®¿¡ Ãß°¡µÈ´Ù.
- DOSPageInterval
ÆäÀÌÁö Ä«¿îÆ® ½Ã¹ßÁ¡, µðÆúÆ®´Â 1ÃÊÀÌ´Ù.
- DOSSiteInterval
»çÀÌÆ® Ä«¿îÆ® ½Ã¹ßÁ¡, µðÆúÆ®´Â ¿ª½Ã 1ÃÊÀÌ´Ù.
- DOSBlockingPeriod
Ŭ¶óÀ̾ðÆ®°¡ ºí·¢¸®½ºÆ®¿¡ Ãß°¡µÇ¾î ºí·¯Å·µÇ´Â ÃÑ ½Ã°£. À̶§ Ŭ¶óÀ̾ðÆ®´Â 403(Forbidden) ¿¡·¯¸¦ Ãâ·ÂÇÏ°Ô µÈ´Ù.
- DOSEmailNotify
ÀÌ °ªÀÌ ÁöÁ¤µÇ¸é, IP°¡ ºí·¯Å·µÉ¶§¸¶´Ù ÁöÁ¤µÈ À̸ÞÀÏ·Î ¹ßµ¿µÈ´Ù.
ÁÖÀÇ : ¸ÞÀÏ·¯´Â mod_dosevasive.c ¿¡ Á¤È®ÇÏ°Ô ÁöÁ¤µÇ¾ß ÇÑ´Ù. µðÆúÆ®´Â "/bin/mail -t %s" ÀÌ´Ù.
- DOSLogDir
·Î±× ÆÄÀÏ °æ·Î
- DOSSystemCommand
ÀÌ °ªÀÌ ÁöÁ¤µÇ¸é, ½Ã½ºÅÛÀº ¾ÆÀÌÇÇ°¡ ºí·¯Å·µÉ¶§¸¶´Ù ¸í·ÉÇàÀ» ½ÇÇàÇÑ´Ù.
- DOSWhitelist
Â÷´Ü¿¡¼ Á¦¿ÜµÉ È£½ºÆ®
DOSWhitelist 127.0.0.1
http://www.coldfusionfunnylog.com/blog/post.cfm/mod-evasive-protect-your-apache-from-ddos-attacks
¿¡¼ ÆÛ¿È