Protect Apache Against DDOS Attack

Hi Everyone…

A DDoS (distributed denial-of-service) attack is one of the most common attacks on web servers, and some traditional firewalls are not able to detect it and stop it.

In a DDoS attack, the attacker sends thousands of HTTP requests to your web server; these requests may or may not be infected with a virus. When this flood of requests enters your premises, it starts to eat your network and server hardware resources, and your system slowly shuts down. Sometimes the attacker sends these flood requests from many different sources.

Slowloris DDOS Attack

Slowloris is different from a typical denial-of-service attack: in a Slowloris attack you receive legitimate HTTP traffic, and even your firewall doesn't detect it because all the HTTP requests are legitimate. The attacker controls how many legitimate requests are sent to the target server, and mostly uses a slow delivery rate so that the traffic easily enters your premises. This means that Slowloris is capable of being effective even when standard enterprise-grade IPS and IDS systems are in place.


Apache mod_qos

 mod_qos is a quality of service module for the Apache web server implementing control mechanisms that can provide different levels of priority to different HTTP requests.

mod_qos may be used to determine which requests should be served and which shouldn’t in order to avoid resource oversubscription. The module collects different attributes such as the request URL, HTTP request and response headers, the IP source address, the HTTP response code, history data (based on user session and source IP address), the number of concurrent requests to the server (total or requests having similar attributes), the number of concurrent TCP connections (total or from a single source IP), and so forth.

Counteractive measures to enforce the defined rules are: request blocking, dynamic timeout adjustment, request delay, response throttling, and dropping of TCP connections.


How to install mod_qos on Linux:

I assume here that you have already configured the Apache server and that your website is running.


apt-get install apache2-threaded-dev gcc


Download mod_qos from

Step 2: Extract the mod_qos package

root@demo:~# tar xvf mod_qos-10.16.tar.gz

root@demo:~# cd mod_qos-10.16/apache2/

Step 3: Build & install mod_qos

root@demo:~/mod_qos-10.16/apache2# apxs2 -i -c mod_qos.c

Libraries have been installed in:

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,-rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and manual pages.
chmod 644 /usr/lib/apache2/modules/

root@demo:~ # chmod 644 /usr/lib/apache2/modules/

Step 4: Configure & enable mod_qos

root@demo:~# cd /etc/apache2/mods-available/

root@demo:/etc/apache2/mods-available# vim qos.load 

LoadModule qos_module /usr/lib/apache2/modules/


root@demo:/etc/apache2/mods-available# vim qos.conf

## QoS Settings
<IfModule mod_qos.c>
# handles connections from up to 1000000 different IPs
QS_ClientEntries 1000000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server, i.e. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (careful, that limits uploads and POST requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400

# block clients violating some basic rules frequently (don't allow more than 200
# violations within 5 minutes):
QS_ClientEventBlockCount 200 300
QS_SetEnvIfStatus 400 QS_Block
QS_SetEnvIfStatus 401 QS_Block
QS_SetEnvIfStatus 403 QS_Block
QS_SetEnvIfStatus 404 QS_Block
QS_SetEnvIfStatus 405 QS_Block
QS_SetEnvIfStatus 406 QS_Block
QS_SetEnvIfStatus 408 QS_Block
QS_SetEnvIfStatus 411 QS_Block
QS_SetEnvIfStatus 413 QS_Block
QS_SetEnvIfStatus 414 QS_Block
QS_SetEnvIfStatus 417 QS_Block
QS_SetEnvIfStatus 500 QS_Block
QS_SetEnvIfStatus 503 QS_Block
QS_SetEnvIfStatus 505 QS_Block
QS_SetEnvIfStatus QS_SrvMinDataRate QS_Block
QS_SetEnvIfStatus NullConnection QS_Block
</IfModule>



Step 5: Enable the mod_qos module and restart apache2

root@demo:~# a2enmod qos
root@demo:~# /etc/init.d/apache2 restart
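A consistency check for the limits set in qos.conf in Step 4, as an added example that is not part of the original post or of mod_qos. It works out what the connection limits mean relative to MaxClients: at what pool usage keep-alive is switched off, and how many clients sitting at the per-IP cap it takes to occupy every worker. The helper names `parse_directives` and `review` are hypothetical, and the sample text is constructed from the values shown above.

```python
import math

# Constructed sample: the active directives and values from the qos.conf above.
SAMPLE_CONF = """\
<IfModule mod_qos.c>
QS_ClientEntries 1000000
QS_SrvMaxConnPerIP 50
MaxClients 256
QS_SrvMaxConnClose 180
QS_SrvMinDataRate 150 1200
# QS_LimitRequestBody 102400
QS_ClientEventBlockCount 200 300
</IfModule>
"""

REQUIRED = ("MaxClients", "QS_SrvMaxConnPerIP", "QS_SrvMaxConnClose")


def parse_directives(text):
    """Map directive name -> argument list, skipping comments and <Section> tags."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            found[name] = args  # last occurrence wins
    return found


def review(text):
    """Relate the per-IP and keep-alive limits to the worker pool (hypothetical helper)."""
    conf = parse_directives(text)
    missing = [name for name in REQUIRED if name not in conf]
    if missing:
        raise ValueError("missing directives: " + ", ".join(missing))
    workers = int(conf["MaxClients"][0])
    per_ip = int(conf["QS_SrvMaxConnPerIP"][0])
    close_at = int(conf["QS_SrvMaxConnClose"][0])
    warnings = []
    if per_ip >= workers:
        warnings.append("QS_SrvMaxConnPerIP >= MaxClients: per-IP cap never triggers")
    if close_at >= workers:
        warnings.append("QS_SrvMaxConnClose >= MaxClients: keep-alive stays on until the pool is full")
    return {
        "keepalive_off_pct": round(100 * close_at / workers),
        "clients_at_cap_to_fill_pool": math.ceil(workers / per_ip),
        "warnings": warnings,
    }


if __name__ == "__main__":
    print(review(SAMPLE_CONF))
```

With the values above, keep-alive is disabled at 70% of the pool, and six clients each holding 50 connections are enough to occupy all 256 workers, so lower QS_SrvMaxConnPerIP if your legitimate clients never need that many.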




