Apache (httpd) DDoS: installing and testing the mod_evasive module _ a real-world DDoS attack
I run a server too, and when a DDoS attack came in from overseas, I spotted it quickly and blocked foreign sites first.
As for how to block them: there are products where you configure a recent router to block foreign IPs (of course).
But before long DDoS attacks started coming in domestically, and no matter what I looked up and tried, it didn't work: the Apache module mod_evasive
and iptables firewall settings, because this attack pattern comes in across multiple IPs, URLs, attack timing cycles and so on. :(
So I studied a bit more and took a closer look, and it isn't difficult, haha.
The content below is a post someone else put up, to which I made a very tiny amount of edits. Practically none at all, haha.
I hope it serves as a reference for those who run servers like I do.
mod_evasive
- An Apache DDoS security module that blocks traffic sending a large number of requests to the server.
Installation
CentOS
# CentOS
$ yum install epel-release
$ yum install mod_evasive
Ubuntu
$ apt install libapache2-mod-evasive
Configuration file location
/etc/httpd/conf.d/mod_evasive.conf
Understanding the configuration file
# Apache does not allow a comment on the same line as a directive,
# so each comment sits on its own line above the directive it describes.
# Load the module
LoadModule evasive20_module modules/mod_evasive20.so
<IfModule mod_evasive20.c>
# Hash table size: the size allocated for site analysis.
# Use a larger value for high-traffic sites.
DOSHashTableSize 3097
# If the same page is requested DOSPageCount times within the
# specified time (DOSPageInterval), return a 403 error.
DOSPageCount 2
# Unit: seconds
DOSPageInterval 1
# If the total number of hits (HTML/images) within the specified time
# (DOSSiteInterval) exceeds DOSSiteCount, return a 403 error. In real-world use: 5
DOSSiteCount 50
# Unit: seconds
DOSSiteInterval 1
# Blocking time, in seconds. In real-world use: 120
DOSBlockingPeriod 10
# IPs to exempt from DoS blocking
DOSWhitelist 192.168.0.*
# Log directory
DOSLogDir "/tmp"
</IfModule>
Restart Apache
$ systemctl restart httpd
Load test using Apache ab
-n : total number of requests
-c : number of concurrent connections
$ ab -n 20 -c 1 http://10.10.10.1/index.html
- Check the log
- The server answers 200 OK at first, then the client is blocked and gets 403
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 200 5 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 200 5 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 200 5 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 200 5 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 403 290 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 403 290 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 403 290 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 403 290 "-" "ApacheBench/2.3"
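
To confirm from the access log that mod_evasive really started blocking during the ab run, the following added example (not part of the original post) reports, per URL, how many requests were answered 200 before the first 403, how many were blocked, and when blocking began. It assumes log lines in the layout shown above; the function names and the /about.html lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the same field layout as the log excerpt above:
# [timestamp zone] "METHOD URL PROTO" status bytes "referer" "user-agent"
sample_log() {
cat <<'EOF'
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 200 5 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 200 5 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 200 5 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 200 5 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 403 290 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 403 290 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:26 +0900] "GET /index.html HTTP/1.0" 403 290 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:30 +0900] "GET /about.html HTTP/1.0" 200 5 "-" "ApacheBench/2.3"
[13/Jan/2023:13:53:35 +0900] "GET /about.html HTTP/1.0" 200 5 "-" "ApacheBench/2.3"
EOF
}

# Reads access-log lines on stdin and prints one summary line per URL.
# Exit status is 1 when no 403 appears at all, i.e. the module never blocked
# (not loaded, thresholds too high, or the client is whitelisted).
evasive_summary() {
    awk '
    {
        # $1 = "[timestamp", $4 = URL, $6 = HTTP status
        url = $4; status = $6
        if (!(url in seen)) { seen[url] = 1; order[++n] = url }
        if (status == 403) {
            if (!blocked[url]) first[url] = substr($1, 2)  # time of first block
            blocked[url]++; total++
        } else if (status == 200 && !blocked[url]) {
            served[url]++                                   # 200s before any block
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            u = order[i]
            printf "%s served_before_block=%d blocked=%d first_403=%s\n",
                u, served[u], blocked[u], ((u in first) ? first[u] : "-")
        }
        exit (total > 0 ? 0 : 1)
    }'
}

sample_log | evasive_summary
```
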