Saturday 1 March 2014

Protect Your Website with the Mod_Evasive and Mod_Security Modules

Most creators, businesses, and publishers don’t have the expertise to monitor and manage the ever-evolving landscape of security threats, and so they trust their web hosting company to take care of their online presence. Today, I want to take a look at two of the components that allow responsible web hosting providers to keep their clients safe from attack.

Mod_evasive

A denial of service attack occurs when a server or group of servers, often constituents of a botnet, bombards a site with many more requests than it can handle, resulting in degraded service for legitimate users, and, in the worst cases, no service at all.
Apache, the web server that serves the majority of sites on the web, isn’t very good at handling denial of service attacks. It will assume that all requests are genuine and make a good faith effort to fulfill them. But, when those requests become excessive, Apache can become overloaded and use all of the server resources available to it, causing the server to slow down to a crawl.
Mod_evasive bills itself as an “evasive maneuvers module for Apache” and helps the web server to better determine which requests are genuine and which are malicious, making it a powerful tool for preventing denial of service attacks from swamping servers. It creates a dynamic table containing the IP addresses of incoming requests and monitors them for bad behavior, denying requests from IPs that match certain conditions. For example, if an IP requests the same page more than a few times a second, mod_evasive will ignore future requests for a period of time. It will also deny requests from any IP making more than 50 requests per second on the same child process. Essentially, mod_evasive rate limits requests in an attempt to prevent the server from becoming overwhelmed.
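To see how the per-page limit, the per-site limit and the blocking period interact before tuning them on a live server, the following added example (a simplified model written for this page, not mod_evasive's own code) replays constructed requests through the same kind of per-IP table. The constant names follow the module's DOSPageCount, DOSPageInterval, DOSSiteCount, DOSSiteInterval and DOSBlockingPeriod directives; the class, the function names and the sample traffic are assumptions.

```python
from collections import defaultdict

# Names mirror mod_evasive's directives; the values are illustrative.
PAGE_COUNT, PAGE_INTERVAL = 2, 1.0     # DOSPageCount / DOSPageInterval
SITE_COUNT, SITE_INTERVAL = 50, 1.0    # DOSSiteCount / DOSSiteInterval
BLOCKING_PERIOD = 10.0                 # DOSBlockingPeriod

class EvasiveModel:
    """Simplified single-process model of a per-IP request table."""

    def __init__(self):
        self.windows = {}          # key -> (window_start, hits)
        self.blocked_until = {}    # ip -> time at which the block expires

    def _over_limit(self, key, now, limit, interval):
        start, hits = self.windows.get(key, (now, 0))
        if now - start >= interval:        # window expired: start a new one
            start, hits = now, 0
        hits += 1
        self.windows[key] = (start, hits)
        return hits > limit

    def allow(self, now, ip, uri):
        """Return True if the request is served, False if it is denied."""
        if now < self.blocked_until.get(ip, 0.0):
            # A request made while blocked restarts the blocking timer.
            self.blocked_until[ip] = now + BLOCKING_PERIOD
            return False
        page = self._over_limit((ip, uri), now, PAGE_COUNT, PAGE_INTERVAL)
        site = self._over_limit((ip, None), now, SITE_COUNT, SITE_INTERVAL)
        if page or site:
            self.blocked_until[ip] = now + BLOCKING_PERIOD
            return False
        return True

def replay(requests):
    """Replay (time, ip, uri) tuples; return {ip: [served, denied]}."""
    model, totals = EvasiveModel(), defaultdict(lambda: [0, 0])
    for now, ip, uri in requests:
        totals[ip][0 if model.allow(now, ip, uri) else 1] += 1
    return dict(totals)

# Constructed sample traffic (documentation IP ranges): one client requesting
# /login every 100 ms for 2 s, and one visitor loading a page every 2 s.
SAMPLE = sorted([(i * 0.1, "203.0.113.7", "/login") for i in range(20)]
                + [(i * 2.0, "198.51.100.4", "/index.html") for i in range(5)])

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The real module keeps a separate table in each Apache child process, so a model like this is useful for reasoning about threshold values rather than for predicting exact counts.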

Mod_security

Mod_security is an application-layer firewall for Apache (and other web servers). It monitors incoming requests and blocks those that contain common exploits. For example, one of the most pervasive methods used by hackers to breach the security of sites running databases is the SQL injection attack. Poorly coded sites that don’t properly validate input are vulnerable to being passed strings that will be run by the database, potentially allowing hackers to gain access to data that they shouldn’t be able to see or even edit the database, causing it to delete user information, for example. Mod_security will prevent these sorts of attacks from being successful by blocking them before they ever reach the server.
In a recent study, mod_security was found to be more effective at preventing successful attacks than the systems implemented by SaaS web application firewall providers like CloudFlare.
While neither of these applications will make a site invulnerable, working together they can defeat a significant proportion of the attacks that will be faced by the average website, helping ensure that a site does not become a victim of hackers and maintains stability, availability, and performance in the face of denial of service attacks.

from http://www.wiredtree.com/blog/how-mod_evasive-and-mod_security-help-protect-your-website/