-->

Home » Apache, Debian, Featured, Headline, How-to, Linux, Security, Shell

Compile and configure mod_qos to prevent Slowloris DDOS on Apache 2 from Debian Lenny distribution

4 May 2010 7 Comments

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

Powered by WP Greet Box WordPress Plugin

mod_qos is becoming a very popular module for Apache, from the discover of Slowloris DDoS Attack. It seems, mod_qos is the best solution for Slowloris attack on Apache 2, but you can also check mod_evasive, mod_security or http accelerator “Varnish”. In this post I will try to present a step by step tutorial how to install mod_qos and configure to prevent Slowloris DDoS attack.

This post is just a compendium of other good posts:

First you should install dev packages to compile mod_qos

apt-get install apache2-threaded-dev libgnutls-dev libssl-dev gcc make

Now download the latest version of mod_qos from http://sourceforge.net/projects/mod-qos/

$ cd /usr/src $ wget http://downloads.sourceforge.net/project/mod-qos/9.17/mod_qos-9.17.tar.gz?use_mirror=garr $ tar -xzf mod_qos-9.17.tar.gz

Now you can build the module

$ cd mod_qos-9.17/apache2/ $ apxs2 -i -c mod_qos.c

You should see the module compiling and if is everything ok the last lines of compile output should be:

cp .libs/mod_qos.so /usr/lib/apache2/modules/mod_qos.so
cp .libs/mod_qos.lai /usr/lib/apache2/modules/mod_qos.la
PATH=”$PATH:/sbin” ldconfig -n /usr/lib/apache2/modules
———————————————————————-
Libraries have been installed in:
/usr/lib/apache2/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR’
flag during linking and do at least one of the following:
– add LIBDIR to the `LD_LIBRARY_PATH’ environment variable
during execution
– add LIBDIR to the `LD_RUN_PATH’ environment variable
during linking
– use the `-Wl,–rpath -Wl,LIBDIR’ linker flag
– have your system administrator add LIBDIR to `/etc/ld.so.conf’

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
———————————————————————-
chmod 644 /usr/lib/apache2/modules/mod_qos.so

If you want to compile qslog just run the following commands:

$ cd /usr/src/mod_qos-9.17/tools $ make $ cp qslog /usr/local/bin/

Now you should configure mod_qos. In /etc/apache2/mods-available/ add 2 files:
1. qos.load with the following content:
LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so

2. qos.conf with the following content:
## QoS Settings # handles connections from up to 100000 different IPs QS_ClientEntries 100000 # will allow only 50 connections per IP QS_SrvMaxConnPerIP 50 # maximum number of active TCP connections is limited to 256 MaxClients 256 # disables keep-alive when 70% of the TCP connections are occupied: QS_SrvMaxConnClose 180 # minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything): QS_SrvMinDataRate 150 1200 # and limit request header and body (carefull, that limits uploads and post requests too): # LimitRequestFields 30 # QS_LimitRequestBody 102400

Now you should enable the module and restart Apache.

$ a2enmod qos $ /etc/init.d/apache2 restart

Now you are ready.

To see the attacks from logs you can use qslogs:

$ cat /var/log/apache2/access.log | qslog -f ..IR.B.T -o /tmp/stat_log -p

Good luck!

/usr/lib64/apr-1/build/libtool –silent –mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector –param=ssp-buffer-size=4 -m64 -mtune=generic -fno-strict-aliasing -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -c -o mod_qos.lo mod_qos.c && touch mod_qos.slo
mod_qos.c:72:18: error: pcre.h: No such file or directory
mod_qos.c:378: error: expected specifier-qualifier-list before ‘pcre’
mod_qos.c:393: error: expected specifier-qualifier-list before ‘pcre’
mod_qos.c:760: error: expected specifier-qualifier-list before ‘pcre’
mod_qos.c:767: error: expected specifier-qualifier-list before ‘pcre’
mod_qos.c:917: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
mod_qos.c: In function ‘qos_load_headerfilter’:
mod_qos.c:960: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:960: warning: implicit declaration of function ‘pcre_compile’
mod_qos.c:960: error: ‘PCRE_DOTALL’ undeclared (first use in this function)
mod_qos.c:960: error: (Each undeclared identifier is reported only once
mod_qos.c:960: error: for each function it appears in.)
mod_qos.c:961: error: ‘qos_fhlt_r_t’ has no member named ‘action’
mod_qos.c:962: error: ‘qos_fhlt_r_t’ has no member named ‘size’
mod_qos.c:963: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:969: error: ‘qos_fhlt_r_t’ has no member named ‘extra’
mod_qos.c:969: warning: implicit declaration of function ‘qos_pcre_study’
mod_qos.c:969: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:971: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:971: error: ‘pcre_free’ undeclared (first use in this function)
mod_qos.c: In function ‘qos_verify_milestone’:
mod_qos.c:1697: warning: implicit declaration of function ‘pcre_exec’
mod_qos.c:1697: error: ‘qos_milestone_t’ has no member named ‘preg’
mod_qos.c:1697: error: ‘qos_milestone_t’ has no member named ‘extra’
mod_qos.c:1705: error: ‘qos_milestone_t’ has no member named ‘action’
mod_qos.c:1712: error: ‘qos_milestone_t’ has no member named ‘action’
mod_qos.c:1715: error: ‘qos_milestone_t’ has no member named ‘action’
mod_qos.c: In function ‘qos_per_dir_event_rules’:
mod_qos.c:2587: error: ‘qos_rfilter_t’ has no member named ‘type’
mod_qos.c:2589: error: ‘qos_rfilter_t’ has no member named ‘text’
mod_qos.c:2590: error: ‘qos_rfilter_t’ has no member named ‘text’
mod_qos.c:2594: error: ‘qos_rfilter_t’ has no member named ‘text’
mod_qos.c:2600: error: ‘qos_rfilter_t’ has no member named ‘action’
mod_qos.c:2604: error: ‘qos_rfilter_t’ has no member named ‘type’
mod_qos.c:2605: error: ‘qos_rfilter_t’ has no member named ‘id’
mod_qos.c:2606: error: ‘qos_rfilter_t’ has no member named ‘text’
mod_qos.c:2606: error: ‘qos_rfilter_t’ has no member named ‘action’
mod_qos.c:2609: error: ‘qos_rfilter_t’ has no member named ‘action’
mod_qos.c: In function ‘qos_per_dir_rules’:
mod_qos.c:3056: error: ‘qos_rfilter_t’ has no member named ‘type’
mod_qos.c:3058: error: ‘qos_rfilter_t’ has no member named ‘pr’
mod_qos.c:3058: error: ‘qos_rfilter_t’ has no member named ‘extra’
mod_qos.c:3059: error: ‘qos_rfilter_t’ has no member named ‘type’
mod_qos.c:3061: error: ‘qos_rfilter_t’ has no member named ‘pr’
mod_qos.c:3061: error: ‘qos_rfilter_t’ has no member named ‘extra’
mod_qos.c:3062: error: ‘qos_rfilter_t’ has no member named ‘type’
mod_qos.c:3064: error: ‘qos_rfilter_t’ has no member named ‘pr’
mod_qos.c:3064: error: ‘qos_rfilter_t’ has no member named ‘extra’
mod_qos.c:3065: error: ‘qos_rfilter_t’ has no member named ‘type’
mod_qos.c:3069: error: ‘qos_rfilter_t’ has no member named ‘pr’
mod_qos.c:3069: error: ‘qos_rfilter_t’ has no member named ‘extra’
mod_qos.c:3070: error: ‘qos_rfilter_t’ has no member named ‘action’
mod_qos.c:3076: error: ‘qos_rfilter_t’ has no member named ‘action’
mod_qos.c:3077: error: ‘qos_rfilter_t’ has no member named ‘id’
mod_qos.c:3081: error: ‘qos_rfilter_t’ has no member named ‘type’
mod_qos.c:3082: error: ‘qos_rfilter_t’ has no member named ‘id’
mod_qos.c:3083: error: ‘qos_rfilter_t’ has no member named ‘text’
mod_qos.c:3083: error: ‘qos_rfilter_t’ has no member named ‘action’
mod_qos.c:3086: error: ‘qos_rfilter_t’ has no member named ‘action’
mod_qos.c: In function ‘qos_header_filter’:
mod_qos.c:3122: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:3122: error: ‘qos_fhlt_r_t’ has no member named ‘extra’
mod_qos.c:3126: error: ‘qos_fhlt_r_t’ has no member named ‘size’
mod_qos.c:3131: error: ‘qos_fhlt_r_t’ has no member named ‘size’
mod_qos.c:3132: error: ‘qos_fhlt_r_t’ has no member named ‘action’
mod_qos.c: In function ‘qos_setenvresheader’:
mod_qos.c:3385: error: ‘pcre’ undeclared (first use in this function)
mod_qos.c:3385: error: ‘pr’ undeclared (first use in this function)
mod_qos.c:3385: error: expected expression before ‘)’ token
mod_qos.c: In function ‘qos_parp_hp_body’:
mod_qos.c:3543: error: ‘qos_setenvifparpbody_t’ has no member named ‘preg’
mod_qos.c:3543: error: ‘qos_setenvifparpbody_t’ has no member named ‘extra’
mod_qos.c:3545: error: ‘qos_setenvifparpbody_t’ has no member named ‘name’
mod_qos.c:3546: error: ‘qos_setenvifparpbody_t’ has no member named ‘value’
mod_qos.c:3558: error: ‘qos_setenvifparpbody_t’ has no member named ‘pregx’
mod_qos.c: In function ‘qos_post_config’:
mod_qos.c:8307: error: ‘qos_fhlt_r_t’ has no member named ‘action’
mod_qos.c:8308: error: ‘qos_fhlt_r_t’ has no member named ‘size’
mod_qos.c:8315: error: ‘qos_fhlt_r_t’ has no member named ‘action’
mod_qos.c:8316: error: ‘qos_fhlt_r_t’ has no member named ‘size’
mod_qos.c: In function ‘qos_event_setenvresheadermatch_cmd’:
mod_qos.c:9621: error: ‘pcre’ undeclared (first use in this function)
mod_qos.c:9621: error: ‘pr’ undeclared (first use in this function)
mod_qos.c:9621: error: ‘PCRE_DOTALL’ undeclared (first use in this function)
mod_qos.c:9621: error: ‘PCRE_CASELESS’ undeclared (first use in this function)
mod_qos.c:9628: error: ‘pcre_free’ undeclared (first use in this function)
mod_qos.c: In function ‘qos_event_setenvifparpbody_cmd’:
mod_qos.c:9721: error: ‘qos_setenvifparpbody_t’ has no member named ‘pregx’
mod_qos.c:9725: error: ‘qos_setenvifparpbody_t’ has no member named ‘preg’
mod_qos.c:9725: error: ‘PCRE_DOTALL’ undeclared (first use in this function)
mod_qos.c:9725: error: ‘PCRE_CASELESS’ undeclared (first use in this function)
mod_qos.c:9726: error: ‘qos_setenvifparpbody_t’ has no member named ‘preg’
mod_qos.c:9732: error: ‘qos_setenvifparpbody_t’ has no member named ‘extra’
mod_qos.c:9732: error: ‘qos_setenvifparpbody_t’ has no member named ‘preg’
mod_qos.c:9733: error: ‘qos_setenvifparpbody_t’ has no member named ‘preg’
mod_qos.c:9733: error: ‘pcre_free’ undeclared (first use in this function)
mod_qos.c:9734: error: ‘qos_setenvifparpbody_t’ has no member named ‘pregx’
mod_qos.c:9738: error: ‘qos_setenvifparpbody_t’ has no member named ‘name’
mod_qos.c:9739: error: ‘qos_setenvifparpbody_t’ has no member named ‘name’
mod_qos.c:9739: error: ‘qos_setenvifparpbody_t’ has no member named ‘name’
mod_qos.c:9739: error: ‘qos_setenvifparpbody_t’ has no member named ‘name’
mod_qos.c:9741: error: ‘qos_setenvifparpbody_t’ has no member named ‘value’
mod_qos.c:9745: error: ‘qos_setenvifparpbody_t’ has no member named ‘value’
mod_qos.c: In function ‘qos_deny_cmd’:
mod_qos.c:10190: error: ‘qos_rfilter_t’ has no member named ‘type’
mod_qos.c:10195: error: ‘qos_rfilter_t’ has no member named ‘id’
mod_qos.c:10197: error: ‘qos_rfilter_t’ has no member named ‘action’
mod_qos.c:10199: error: ‘qos_rfilter_t’ has no member named ‘action’
mod_qos.c:10204: error: ‘qos_rfilter_t’ has no member named ‘type’
mod_qos.c:10205: error: ‘qos_rfilter_t’ has no member named ‘pr’
mod_qos.c:10205: error: ‘PCRE_DOTALL’ undeclared (first use in this function)
mod_qos.c:10206: error: ‘qos_rfilter_t’ has no member named ‘pr’
mod_qos.c:10212: error: ‘qos_rfilter_t’ has no member named ‘extra’
mod_qos.c:10212: error: ‘qos_rfilter_t’ has no member named ‘pr’
mod_qos.c:10213: error: ‘qos_rfilter_t’ has no member named ‘pr’
mod_qos.c:10213: error: ‘pcre_free’ undeclared (first use in this function)
mod_qos.c:10215: error: ‘qos_rfilter_t’ has no member named ‘text’
mod_qos.c: In function ‘qos_deny_rql_cmd’:
mod_qos.c:10221: error: ‘PCRE_CASELESS’ undeclared (first use in this function)
mod_qos.c: In function ‘qos_deny_path_cmd’:
mod_qos.c:10225: error: ‘PCRE_CASELESS’ undeclared (first use in this function)
mod_qos.c: In function ‘qos_deny_query_cmd’:
mod_qos.c:10229: error: ‘PCRE_CASELESS’ undeclared (first use in this function)
mod_qos.c: In function ‘qos_milestone_cmd’:
mod_qos.c:10273: error: ‘qos_milestone_t’ has no member named ‘preg’
mod_qos.c:10273: error: ‘PCRE_DOTALL’ undeclared (first use in this function)
mod_qos.c:10274: error: ‘qos_milestone_t’ has no member named ‘preg’
mod_qos.c:10281: error: ‘qos_milestone_t’ has no member named ‘preg’
mod_qos.c:10281: error: ‘pcre_free’ undeclared (first use in this function)
mod_qos.c:10282: error: ‘qos_milestone_t’ has no member named ‘extra’
mod_qos.c:10282: error: ‘qos_milestone_t’ has no member named ‘preg’
mod_qos.c:10285: error: ‘qos_milestone_t’ has no member named ‘action’
mod_qos.c:10287: error: ‘qos_milestone_t’ has no member named ‘action’
mod_qos.c: In function ‘qos_headerfilter_rule_cmd’:
mod_qos.c:10450: error: ‘qos_fhlt_r_t’ has no member named ‘size’
mod_qos.c:10455: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:10455: error: ‘PCRE_DOTALL’ undeclared (first use in this function)
mod_qos.c:10457: error: ‘qos_fhlt_r_t’ has no member named ‘action’
mod_qos.c:10459: error: ‘qos_fhlt_r_t’ has no member named ‘action’
mod_qos.c:10464: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:10471: error: ‘qos_fhlt_r_t’ has no member named ‘extra’
mod_qos.c:10471: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:10472: error: ‘qos_fhlt_r_t’ has no member named ‘size’
mod_qos.c:10477: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:10477: error: ‘pcre_free’ undeclared (first use in this function)
mod_qos.c: In function ‘qos_resheaderfilter_rule_cmd’:
mod_qos.c:10494: error: ‘qos_fhlt_r_t’ has no member named ‘size’
mod_qos.c:10496: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:10496: error: ‘PCRE_DOTALL’ undeclared (first use in this function)
mod_qos.c:10497: error: ‘qos_fhlt_r_t’ has no member named ‘action’
mod_qos.c:10498: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:10505: error: ‘qos_fhlt_r_t’ has no member named ‘extra’
mod_qos.c:10505: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:10506: error: ‘qos_fhlt_r_t’ has no member named ‘size’
mod_qos.c:10511: error: ‘qos_fhlt_r_t’ has no member named ‘pcre’
mod_qos.c:10511: error: ‘pcre_free’ undeclared (first use in this function)
apxs:Error: Command failed with rc=65536
.
[root@PS11I07VMAP171 apache2]#

# 6 March 2013 at 10:26 am

admin (author) said:

Install pcre dev package.

# 15 March 2013 at 12:07 pm

Compile and configure mod_qos to prevent Slowloris DDOS on Apache 2 from Debian Lenny distribution

Related Posts:

7 Comments »

Leave your response!

Find us on Facebook

Donate me a Beer!

Recognition Wall

Syndicate

Blogroll

Tags

Promote

Categories

Recent Posts

Most Commented

Recent Comments