Quick way to install mod_qos on Debian Lenny to protect from Slowloris

I’m gonna do a fast walk through on installing and enabling mod_qos on Debian, original article is available in Bulgarian on mpetrov’s blog .
So let’s go…
1. Install required development files and tools to be able to proper compile:

debian-server# apt-get install apache2-threaded-dev gcc

2. Download the mod_qos latest archive from sourceforge

debian-server# cd /usr/local/srcdebian-server# wget http://freefr.dl.sourceforge.net/project/mod-qos/mod-qos/9.7/mod_qos-9.8.tar.gz

3. Unarchive (Untar) the mod_qos archive and compile the module

debian-server# tar zxvf mod_qos-9.8.tar.gz
debian-server# cd mod_qos-9.8/apache2/
debian-server# apxs2 -i -c mod_qos.c

You can see from the compile output module is installed to; usr/lib/apache2/modules

4. Now let us create mod_qos configuration files

debian-server# cd /etc/apache2/mods-available/
debian-server# echo "LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so" > qos.load

debian-server# vim /etc/apache2/mods-available/qos.conf

## QoS module Settings
<IfModule mod_qos.c>
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 180
# minimum request/response speed (deny slow clients blocking the server,
# ie. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (carefull, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
</IfModule>

5. All left is to load the mod_qos module into Apache and restart the webserver

debian-server# a2enmod qos
debian-server# /etc/init.d/apache2 restart

Congratulations, Now slowloris and many other Apache DoS techniques won’t bother you anymore!

Share this on

Download PDFDownload PDF

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.