URGENT SUPPORT
NONURGENT SUPPORT

wesupport

CLIENT AREA
1-800-383-5193

25% off on first invoice for all services*

SPRING SALE

CHAT WITH US

Use coupon

*Offer valid for new customers only

25% off on first invoice for all services*

SPRING SALE

CHAT WITH US

Use coupon

*Offer valid for new customers only

Need help?

Our experts have had an average response time of 11.43 minutes in March 2024 to fix urgent issues.
GET HELP RIGHT NOW

We will keep your servers stable, secure, and fast at all times for one fixed price.

SEE SUPPORT PLANS

Prevent DDoS in Apache – Steps to safeguard your web server from DDoS

by | Jan 7, 2019

It’s a fact that the threat of DDoS attacks is increasing!

Since Apache is a widely used web server, it can fall as the prime victim of DDoS.

Quite a terrible situation, right? So, what’s the smart decision here?

Even though, there is no perfect solution to prevent Apache DDoS attacks, we can defend it to a great extent.

At Bobcares, we help our server owners to harden and secure their web servers as part of our Dedicated Support Services for web hosts.

Today, we’ll discuss the top 8 methods to prevent Apache DDoS attacks.

 

What is DDoS? – A Brief Explanation

Before we go ahead, let’s see what DDoS is.

DDoS(Distributed Denial Of Service) tries to deny important services running on the system by sending heavy traffic, so that the server can’t handle it.

 

apache prevent ddos

What is DDoS attack?

 

Similarly, in a web server DDoS attack, attacker exploits HTTP GET or POST requests to attack the web server or application.

Consequently, it leads to service down time, reputation damage, financial loss, and more.

So, it’s really important to protect the web server from DDoS attacks.

 

How to prevent DDoS attacks in Apache?

Let’s now discuss how our Dedicated Support Team enable DDoS protection on Apache web servers.

1) Install mod_evasive Apache module

The mod_evasive Apache module offers a stronger way of protecting the web server against DDoS, DoS, and brute force attacks.

It tracks the IPs and pages requested to the Apache web server. And, blocks the traffic from that IP when the threshold is reached on the page or site.

As a result, the website displays 403 Forbidden errors.

Below are some of the mod_evasive parameters that our Security Experts tweak in mod_evasive.conf file to prevent DDoS attacks.

DOSHashTableSize
DOSPageCount
DOSSiteCount
DOSPageInterval
DOSSiteInterval
DOSBlockingPeriod

 

2) Install Mod_security module

Mod_security is an open source WAF(Web Application Firewall) that easily works with Apache.

It uses various protection rules to monitor the HTTP traffic and block suspicious/unwanted traffic, SQL injection, etc.

At Bobcares, we help server owners to integrate mod_security with Apache.

In addition to that, we set custom protection rules and add them to the mod_security configuration file /usr/local/apache/conf/mod_security.conf.

For example, our Support Engineers tweak the following mod_security parameters to limit the maximum data that can be posted on a web application, .

SecRequestBodyLimit
SecRequestBodyNoFilesLimit

3) Install DDoS Deflate

DDoS Deflate tool is an effective way of mitigating DDoS attacks for a limited number of websites.

It’s a bash script that uses netstat to identify and ban IPs that open too many connections to the server.

This application runs the following command to check the number of connections.

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

 

And, if the number of connections exceeds the threshold limit, it will automatically block that IP on the server.

Additionally, our Support Engineers tweak the DDoS Deflate configuration file “/usr/local/ddos/ddos.conf” to adjust the parameters like threshold connection limit, frequency at which the script runs, etc.

4) Software firewall

Similarly, DDoS attacks in Apache can be prevented by tweaking some parameters in the server firewall.

For example, in CSF, we enable and tweak parameters such as SYNFLOOD and PORTFLOOD to limit the connections on Apache web server port.

Moreover, we tweak CSF connection tracking parameters like CT_LIMIT, CT_INTERVAL, CT_BLOCK_TIME, etc. to limit the number of connections.

In the same way, we configure APF and iptables to mitigate DDoS.

For example, in iptables, we set rules to rate limit the number of connections on Apache port 80.

iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset

 

And, if the number of connection exceeds the threshold, the IP is blocked on the server.

 

5) Install Fail2ban

Fail2ban is a good option to prevent DDoS attacks in Apache.

It uses a list of regular expressions and checks against server logs. And, if connections exceed the threshold values, it blocks such IP addresses in the firewall.

Also, Fail2ban uses jails to determine which services must be protected. So, our Security Engineers help server owners set up custom jails to enable Apache DDoS protection.

For example, we add the following code in fail2ban configuration file /etc/fail2ban/jail.local to enable Apache DDoS jail.

[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/apache2/*error.log
maxretry = 4
findtime = 500
ignoreip = 10x.12x.1xx.xx7

6) Tweak Apache Configuration

In addition to that, our Support Experts also tweak certain Apache configuration parameters to mitigate DDoS problems.

We tune the Apache parameters like RequestReadTimeout, Timeout, KeepAliveTimeout, etc. to reduce the impact of DDoS attacks.

For example, we lower the KeepAliveTimeout parameter on sites that are subject to DDoS attacks. Similarly, we tune MaxRequestWorkers directive to allow the server to handle maximum number of simultaneous connections without running out of resources.

However, we can’t blindly tweak these parameters, so we analyze the server resources and traffic before tweaking these parameters.

 

7) Sysctl based protection

Another important step is to tweak the values set for SYN_SENT, SYN_RECV, TIME_WAIT and FIN_WAIT by modifying the below parameters in the /etc/sysctl.conf file.

net.ipv4.tcp_syncookies
net.ipv4.tcp_fin_timeout
net.ipv4.tcp_window_scaling
net.ipv4.tcp_sack

 

8) Setup Load balancer

Another best way to prevent Apache DDoS problems is by using load balancers such as HAProxy.

At Bobcares, our Server Administration Team help server owners setup load balancers on their servers.

In addition to that, we limit the number of connections per user, limit the HTTP request rate, etc. to mitigate DDoS attacks on web servers.

 

Conclusion

It’s hard to recover from DDoS attacks. That’s why protecting your web server against DDoS attacks is important. Today, we’ve discussed the 8 different steps that our Dedicated Support Engineers used to prevent DDoS in Apache.

Related posts:

  1. How to use Fail2ban for securing Apache web server from 404 attacks?
  2. DDoS prevention in Nginx – How to secure your server from DDoS attacks?
  3. Shell shock rescue – Tracing a bandwidth spike to outbound DDoS through the infamous Bash vulnerability
  4. CentOS DDoS protection – A guide to secure your server from DDoS!

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

100% WHITE LABEL SUPPORT

Bobcares

Spend time on your business - not on tech support.

Tech support can keep you busy all day long. That is time you could use to focus on your business. Leave your end-user support to us, and use that time to focus on the growth and success of your business.

TALK TO SALES Or click here to learn more.

Categories

Apache | DDoS | Technical Support

Tags

DDoS | DDoS attack | DDoS protection | DDoS security | denial of service attack | Security | server abuse

Privacy Preference Center

Consent Management

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience.

Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Privacy Policy

Required
By using this site, you agree to our Privacy Policy.

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

Cookies Used

Required
PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]

livechat.bobcares.com

Opt Out
PHPSESSID

my.bobcares.com

Opt Out
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

Cookies Used

_ga, _gat, _gid

google.com

Opt Out
_ga, _gat, _gid

manager.smartlook.com

Opt Out
smartlookCookie

clarity.microsoft.com

Opt Out
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

Cookies Used

IDE, test_cookie, 1P_JAR, NID, DV, NID

doubleclick.net

Opt Out
IDE, test_cookie

google.co.in

Opt Out
1P_JAR, NID, DV

google.com

Opt Out
NID

olark.com

Opt Out
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

Cookies Used

SID, APISID, HSID, NID, PREF

google.com

Opt Out
SID, APISID, HSID, NID, PREF