There are ways to install and configure Apache’s httpd-guardian script. This script allows one to make use of ModSecurity’sTM SecGuardianLog directive. It monitors the web server requests in connection with the piped log mechanism to detect Denial-of-Service (DoS) attacks. This script has the capability to track the number of requests which the IP address sends and calculates request speed at intervals of one minute and five minutes. After reaching a specified threshold of the requests, the httpd-guardian scripts does two things:
In the /var/log/apache2/error_log file, the error messages from the scripts resides.
After downloading and configuring the script, one can determine its path in the GuardianLog section of WHM’s ModSecurity Configuration interface (WHM >> Home >> Security Center >> ModSecurity Configuration).
cvs -z3 -d:pserver:email@example.com:/cvsroot/apache-tools co -P apache-tools
It must be noted that if the Concurrent Versioning System (CVS) is not found existing in the server, then one can install it via yum install cvs command.
Example: #$COPY_LOG=”/var/lib/http-guardian.log”;my $COPY_LOG;
ps faux | grep httpd-guardian | grep -v grep
Output of this will necessarily be like:
Root 24722 0.0 0.3 28872 3272? S 19:31 0.00\- /usr/bin/perl -w/root/apache-tools/httpd-guardian
Apache’s httpd-guardian script allows a good working of ModSecurity Configuration. If configured correctly, this interface has the potential to save your server from the malicious DoS attempts.