Ugacomp

How to Configure DDoS Protection in Apache Server

Introduction

Distributed Denial of Service (DDoS) attacks pose a significant threat to web servers. In this article, we’ll explore how to strengthen your Apache server against DDoS attacks using various configurations.

Install and Enable Mod_evasive

Mod_evasive is an Apache module designed to provide basic DDoS protection and intrusion detection. To install it, use the following command:

sudo apt-get install libapache2-mod-evasive

After installation, enable the module and configure its settings in the Apache configuration file:

sudo a2enmod evasive
sudo nano /etc/apache2/apache2.conf

Add the following lines at the end of the file:

<IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 10
</IfModule>

Save the file and restart Apache:

sudo systemctl restart apache2

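This configuration sets the thresholds mod_evasive uses to track and block clients. DOSPageCount 2 with DOSPageInterval 1 flags a client that requests the same page more than 2 times within 1 second, and DOSSiteCount 50 with DOSSiteInterval 1 flags a client that makes more than 50 requests to the site as a whole within 1 second. A flagged client receives 403 Forbidden for the DOSBlockingPeriod of 10 seconds. DOSHashTableSize sets the size of the hash table used to track clients.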
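Thresholds this tight can also catch legitimate clients, so it helps to check them against real traffic first. The following is an added example, not part of the original article and not mod_evasive's own code: it replays access-log lines through a fixed-window approximation of the page and site counters configured above. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

PAGE_COUNT, PAGE_INTERVAL = 2, 1      # DOSPageCount / DOSPageInterval
SITE_COUNT, SITE_INTERVAL = 50, 1     # DOSSiteCount / DOSSiteInterval
BLOCKING_PERIOD = 10                  # DOSBlockingPeriod
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def parse(line):
    """Return (epoch_seconds, client_ip, uri) for a common/combined log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return int(ts.timestamp()), m.group(1), m.group(3)

def would_block(lines):
    """Replay requests in time order; return {ip: requests that would be answered 403}."""
    window, blocked_until, denied = {}, {}, defaultdict(int)
    reqs = sorted(filter(None, map(parse, lines)), key=lambda r: r[0])
    for t, ip, uri in reqs:
        if blocked_until.get(ip, 0) > t:
            blocked_until[ip] = t + BLOCKING_PERIOD   # assumed: hits while blocked restart the timer
            denied[ip] += 1
            continue
        tripped = False
        for key, limit, interval in (((ip, uri), PAGE_COUNT, PAGE_INTERVAL),
                                     ((ip,), SITE_COUNT, SITE_INTERVAL)):
            start, count = window.get(key, (t, 0))
            if t - start >= interval:                 # window expired: start a new one
                start, count = t, 0
            window[key] = (start, count + 1)
            tripped = tripped or count + 1 > limit
        if tripped:
            blocked_until[ip] = t + BLOCKING_PERIOD
            denied[ip] += 1
    return dict(denied)

def _line(ip, hms, uri):
    return f'{ip} - - [10/Oct/2024:{hms} +0000] "GET {uri} HTTP/1.1" 200 512'

# Constructed sample (documentation IP ranges): a flooder, a browser, a status poller.
SAMPLE = ([_line("203.0.113.7", "10:00:00", "/login.php")] * 4
          + [_line("203.0.113.7", "10:00:05", "/index.html")]
          + [_line("198.51.100.20", "10:00:00", u) for u in ("/", "/style.css", "/app.js")]
          + [_line("192.0.2.44", "10:00:01", "/api/status")] * 3)

if __name__ == "__main__":
    print(would_block(SAMPLE))
```

In the sample, the poller at 192.0.2.44 is denied alongside the flooder, which is the kind of client to exempt with mod_evasive's DOSWhitelist directive or to accommodate by raising DOSPageCount.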

Implement IP Whitelisting

Another effective strategy is to whitelist trusted IP addresses, allowing only legitimate traffic to reach your server. Edit the Apache configuration file:

sudo nano /etc/apache2/apache2.conf

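Add the following lines inside the <VirtualHost> section. Require directives are only valid in a directory-type context, so they are wrapped in a <Location> block that covers the whole site:

<Location "/">
    <RequireAll>
        Require ip 192.168.1.1 192.168.1.2
    </RequireAll>
</Location>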

Replace the IP addresses with your trusted sources. Save the file and restart Apache.

sudo systemctl restart apache2

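This configuration ensures that only the specified IPs can access your Apache server; every other client receives 403 Forbidden, so it suits internal or administrative sites rather than public ones.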

Configure Rate Limiting with Mod_qos

Mod_qos is a powerful Apache module that enables rate limiting and helps mitigate DDoS attacks. Install it using:

sudo apt-get install libapache2-mod-qos

Edit the Apache configuration file:

sudo nano /etc/apache2/apache2.conf

Add the following lines to set rate-limiting rules:

<IfModule mod_qos.c>
    QS_LocRequestLimitMatch ^/ 10
    QS_SrvMaxConn 100
    QS_SrvMaxConnClose 80%
</IfModule>

Save and restart Apache:

sudo systemctl restart apache2

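This configuration caps concurrency and sets maximum server connection limits. QS_LocRequestLimitMatch ^/ 10 allows at most 10 concurrent requests to URLs matching ^/, QS_SrvMaxConn 100 limits the server to 100 concurrent connections, and QS_SrvMaxConnClose 80% disables keep-alive once connections reach 80% of MaxClients. These limits apply to all clients together, not to a single IP; mod_qos provides QS_SrvMaxConnPerIP for limiting connections from one address.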

Conclusion

Configuring DDoS protection in Apache is crucial for safeguarding your web server against malicious attacks. Leveraging modules like mod_evasive, implementing IP whitelisting, and utilizing mod_qos for rate limiting can enhance the security posture of your Apache server.
