Monday, April 21, 2014

Using mod_reqtimeout to make HTTP Server less vulnerable for DOS Attack for CentOS

This steps are for CentOS 5 and 6

Step 1: Upgrade Apache HTTP to the latest version
# yum update httpd


Step 2: Edit the httpd.conf.
# vim /etc/httpd/conf/httpd.conf

Inside httpd.conf. Scroll all the way to LoadModule.......... section and add the line
LoadModule reqtimeout_module modules/mod_reqtimeout.so


Step 3: Create a /etc/httpd/conf.d/reqtimeout.conf and put in the informationbelow
<ifmodule reqtimeout_module>
RequestReadTimeout header=10-20,minrate=500
RequestReadTimeout body=10,minrate=500
</ifmodule>


Step 4: To check whether the apache module is loaded, do
# apachectl -M
Or
apache2ctl -M

References:
  1. Mitigating WAS QID 150085 Slow HTTP POST Vulnerability on Apache

No comments: