The Apache module that will do the job is called mod_dosevasive. Installation is easy.

Configure Apache2

Edit your httpd.conf (usually located in /usr/local/apache/conf/httpd.conf):
Add:

<IfModule mod_dosevasive20.c>
  DOSHashTableSize 3097
  DOSPageCount 2
  DOSSiteCount 50
  DOSPageInterval 1
  DOSSiteInterval 1
  DOSBlockingPeriod 10
  DOSEmailNotify someuser@somedomain.com
  DOSSystemCommand "/dir/command  %s"
</IfModule>


Then restart Apache:

  • /etc/init.d/apache2 restart

Be careful, because the options are extremely important. For example, if your web application uses one file as a controller, all requests go to that file, so the per-page limit (DOSPageCount) is reached quickly and you will very often get errors such as:

client denied by server configuration

Here is a short guide to the configuration options:

- DOSHashTableSize: the size of the hash table that tracks URL and IP combinations
- DOSPageCount: the number of requests for the same page from the same IP during an interval that will cause that IP to be added to the block list
- DOSSiteCount: the number of pages of a site requested by the same IP during an interval that will cause the IP to be added to the block list
- DOSPageInterval: the interval, in seconds, after which the hash table for IPs and URLs is erased
- DOSSiteInterval: the interval, in seconds, after which the hash table of IPs is erased
- DOSBlockingPeriod: the time, in seconds, for which the IP is blocked
- DOSEmailNotify: can be used to send an email notification every time an IP is blocked
- DOSSystemCommand: the command executed when an IP is blocked. It can be used to block the user at a firewall or router.
- DOSWhiteList: can be used to whitelist IPs such as 127.0.0.1
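
A simplified Python model of the counters described above, added here as an illustration and not taken from mod_dosevasive's code. It shows why the front-controller case trips DOSPageCount 2 while a static page generating the same number of requests does not. The class name, the sample traffic, the client IP and the rule that a block starts once a counter exceeds its threshold are assumptions.

```python
class EvasiveModel:
    """Simplified model of the counters described above, not the module's source."""

    def __init__(self, page_count=2, site_count=50, page_interval=1,
                 site_interval=1, blocking_period=10, whitelist=()):
        self.page_count, self.site_count = page_count, site_count
        self.page_interval, self.site_interval = page_interval, site_interval
        self.blocking_period = blocking_period
        self.whitelist = set(whitelist)
        self.page_hits = {}      # (ip, uri) -> (window_start, count)
        self.site_hits = {}      # ip -> (window_start, count)
        self.blocked_until = {}  # ip -> time at which the block expires

    @staticmethod
    def _hit(table, key, now, interval):
        start, count = table.get(key, (now, 0))
        if now - start >= interval:  # interval elapsed: the counter is erased
            start, count = now, 0
        table[key] = (start, count + 1)
        return count + 1

    def request(self, ip, uri, now):
        """Return the status a client would see for a request at `now` seconds."""
        if ip in self.whitelist:
            return 200
        if self.blocked_until.get(ip, 0) > now:
            return 403
        page = self._hit(self.page_hits, (ip, uri), now, self.page_interval)
        site = self._hit(self.site_hits, ip, now, self.site_interval)
        # Assumption: an IP is blocked once a counter exceeds its threshold.
        if page > self.page_count or site > self.site_count:
            self.blocked_until[ip] = now + self.blocking_period
            return 403
        return 200


def denied(model, ip, requests):
    """Count the 403 responses for a list of (time, uri) requests from one IP."""
    return sum(model.request(ip, uri, t) == 403 for t, uri in requests)


# Constructed traffic: one page view that triggers six requests within 0.5 s.
ASSETS = ["/css/a.css", "/js/a.js", "/img/1.png", "/img/2.png", "/img/3.png"]
STATIC_SITE = [(0.0, "/page.html")] + [(0.1 * i, u) for i, u in enumerate(ASSETS, 1)]
FRONT_CONTROLLER = [(0.1 * i, "/index.php") for i in range(6)]

if __name__ == "__main__":
    for name, traffic in (("static", STATIC_SITE), ("front controller", FRONT_CONTROLLER)):
        for page_count in (2, 10):
            n = denied(EvasiveModel(page_count=page_count), "203.0.113.7", traffic)
            print(f"{name:16} DOSPageCount={page_count:<2} denied={n}")
```

Replaying a sample of your own access log through the model with different DOSPageCount and DOSSiteCount values gives a starting point for tuning, to be confirmed against the real module.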