HOW TO PREVENT DOS ATTACK USING CSF FIREWALL
What is a DOS Attack ?
How to prevent DOS Attack to apache using CSF firewall ?
Using CSF firewall you can eliminate DOS attack to apache in a easy way, by using the following steps :
Step 1 : Open the CSF configuration file /etc/csf/csf.conf
Step 2 : In that, search for option called CT_LIMIT, by default it will be like CT_LIMIT=0 , change this to CT_LIMIT=60 , here 60 is the max no.of connections from an IP to your server ( choose this value according to your server usage )
Step 3 : Now search for option called CT_PORTS.This option is used to specify the port for which you want to prevent DOS attack.Since our aim is to prevent the DOS attack to apache – port 80 , change CT_PORTS = “” to CT_PORTS = “80″
After completing the above steps, whenever the server have 60 established connections from an IP address to apache, it is considered as a DOS attack and that IP address is blocked in firewall.
Note: In CT_PORTS you can specify the ports to be prevented for DOS attack, that is if want to prevent DOS attack to mail server then specify CT_PORTS=”25″. You can specify any number of ports in a comma separated format, like CT_PORTS=”80,25,110″
If CSF is not installed then use the following steps to install CSF.==================================================
1) Steps to install CSF firewall on your Centos Linux Server
Make sure perl modules are installed.
yum install -y perl-libwww-perl
Download, unpack the tar file.
Download from the link : http://www.configserver.com/cp/csf.html
Commands to be used:
cd /usr/local/src wget http://www.configserver.com/free/csf.tgz tar -zxvf csf.tgz cd csf ./install.sh
Edit the configuration with your favorite editor, in this case I used vi:
Edit the value from:
TESTING = "1"
TESTING = "0"
Step 4: Restart the service:
Kool csf installed