Preventing Apache DOS attacks
Posted on January 2, 2007 on 1:32 pm by glen | In General, Apache, RedHat | No CommentsWe’ve recently come under attack from denial-of-service (DOS) attacks. In order to alleviate this situation, we are currently testing out the mod_evasive Apache module.
The install was simple. After downloading and unpacking the source code…
/usr/sbin/apxs -i -a -c mod_evasive20.c
This will compile the module, copy it to the correct directory and enable the module in your Apache config. In addition, we added the following options to our httpd.conf:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify glen@designsolution.co.uk
</IfModule>
Now, if too many requests come in from an IP address, the server will respond with a HTTP 403 response. This helps to save on bandwidth and reduce CPU load. Ideally, we would like to hook this into our firewall… our investigations are on-going!
Enabling GD library for PHP 4.4.4 on Mac OS X
Posted on December 16, 2006 on 2:21 am by glen | In MySQL, PHP, Apache, Mac | 4 CommentsFor some reason, GD is not enabled in the default Mac OS X build of PHP 4.4.4. Here’s an easy way to install. Make sure you have the following fink packages installed:
- libpng3
- libjpeg
1. Download the source code for PHP 4.4.4
2. Unpack the source
tar jxvf php-4.4.4.tar.bz2
cd php-4.4.4
3. Compile and install the GD extension
cd ext/gd
phpize
./configure --with-jpeg-dir=/sw --with-png-dir=/sw --with-zlib-dir=/usr
make
sudo make install
This last stage will install the GD shared object into /usr/lib/php/extensions/no-debug-non-zts-20020429/
4. Pull in the GD module at startup
Edit /etc/php.ini and add the following line:
; Enable gd extension module
extension=gd.so
and make sure the following line is commented out:
;extension_dir = "./"
5. Restart Apache
sudo apachectl graceful
Bingo!
