質問編集履歴
4
access_logの追加
test
CHANGED
File without changes
|
test
CHANGED
@@ -267,3 +267,111 @@
|
|
267
267
|
</IfModule>
|
268
268
|
|
269
269
|
```
|
270
|
+
|
271
|
+
|
272
|
+
|
273
|
+
追記2:access_log
|
274
|
+
|
275
|
+
access_logは全て200で返ってきています。
|
276
|
+
|
277
|
+
*しきい値を超えている付近を抜粋。
|
278
|
+
|
279
|
+
|
280
|
+
|
281
|
+
```
|
282
|
+
|
283
|
+
127.0.0.1 - - [09/Jan/2016:08:14:17 +0000] "GET /?38 HTTP/1.0" 200 2926 "-" "-"
|
284
|
+
|
285
|
+
127.0.0.1 - - [09/Jan/2016:08:14:17 +0000] "GET /?39 HTTP/1.0" 200 2926 "-" "-"
|
286
|
+
|
287
|
+
127.0.0.1 - - [09/Jan/2016:08:14:18 +0000] "GET /?40 HTTP/1.0" 200 2926 "-" "-"
|
288
|
+
|
289
|
+
127.0.0.1 - - [09/Jan/2016:08:14:18 +0000] "GET /?41 HTTP/1.0" 200 2926 "-" "-"
|
290
|
+
|
291
|
+
127.0.0.1 - - [09/Jan/2016:08:14:18 +0000] "GET /?42 HTTP/1.0" 200 2926 "-" "-"
|
292
|
+
|
293
|
+
127.0.0.1 - - [09/Jan/2016:08:14:19 +0000] "GET /?43 HTTP/1.0" 200 2926 "-" "-"
|
294
|
+
|
295
|
+
127.0.0.1 - - [09/Jan/2016:08:14:19 +0000] "GET /?44 HTTP/1.0" 200 2926 "-" "-"
|
296
|
+
|
297
|
+
127.0.0.1 - - [09/Jan/2016:08:14:19 +0000] "GET /?45 HTTP/1.0" 200 2926 "-" "-"
|
298
|
+
|
299
|
+
127.0.0.1 - - [09/Jan/2016:08:14:20 +0000] "GET /?46 HTTP/1.0" 200 2926 "-" "-"
|
300
|
+
|
301
|
+
127.0.0.1 - - [09/Jan/2016:08:14:20 +0000] "GET /?47 HTTP/1.0" 200 2926 "-" "-"
|
302
|
+
|
303
|
+
127.0.0.1 - - [09/Jan/2016:08:14:21 +0000] "GET /?48 HTTP/1.0" 200 2926 "-" "-"
|
304
|
+
|
305
|
+
127.0.0.1 - - [09/Jan/2016:08:14:21 +0000] "GET /?49 HTTP/1.0" 200 2926 "-" "-"
|
306
|
+
|
307
|
+
```
|
308
|
+
|
309
|
+
念のため、外部サーバから```ab -n 50 -c 10 http://サーバ名/```も実施しましたがこちらも200で返ってきてます。
|
310
|
+
|
311
|
+
*しきい値を超えている付近を抜粋。ソースアドレスをXXX.XXX.XXX.XXXで置き換え
|
312
|
+
|
313
|
+
```
|
314
|
+
|
315
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:07 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
316
|
+
|
317
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:07 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
318
|
+
|
319
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:08 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
320
|
+
|
321
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:09 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
322
|
+
|
323
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
324
|
+
|
325
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
326
|
+
|
327
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
328
|
+
|
329
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
330
|
+
|
331
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
332
|
+
|
333
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
334
|
+
|
335
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
336
|
+
|
337
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
338
|
+
|
339
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:12 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
340
|
+
|
341
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:14 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
342
|
+
|
343
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
344
|
+
|
345
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
346
|
+
|
347
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
348
|
+
|
349
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
350
|
+
|
351
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
352
|
+
|
353
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
354
|
+
|
355
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
356
|
+
|
357
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:16 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
358
|
+
|
359
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:16 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
360
|
+
|
361
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:18 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
362
|
+
|
363
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
364
|
+
|
365
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
366
|
+
|
367
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
368
|
+
|
369
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
370
|
+
|
371
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
372
|
+
|
373
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
374
|
+
|
375
|
+
XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
|
376
|
+
|
377
|
+
```
|
3
初心者マーク
test
CHANGED
File without changes
|
test
CHANGED
File without changes
|
2
追記の修正
test
CHANGED
File without changes
|
test
CHANGED
@@ -98,11 +98,29 @@
|
|
98
98
|
|
99
99
|
/etc/httpd/conf/httpd.conf
|
100
100
|
|
101
|
+
・
|
102
|
+
|
103
|
+
・
|
104
|
+
|
105
|
+
・
|
106
|
+
|
101
107
|
Include conf.d/*.conf
|
102
108
|
|
109
|
+
・
|
110
|
+
|
111
|
+
・
|
112
|
+
|
113
|
+
・
|
114
|
+
|
115
|
+
|
116
|
+
|
103
|
-
```
|
117
|
+
```
|
104
|
-
|
118
|
+
|
105
|
-
```
|
119
|
+
```
|
120
|
+
|
121
|
+
/etc/httpd/conf.d/mod_evasive.conf
|
122
|
+
|
123
|
+
|
106
124
|
|
107
125
|
LoadModule evasive20_module modules/mod_evasive20.so
|
108
126
|
|
1
追記:httpd\.confに関して
test
CHANGED
File without changes
|
test
CHANGED
@@ -10,9 +10,9 @@
|
|
10
10
|
|
11
11
|
|
12
12
|
|
13
|
-
*参考にしたサイト:
|
13
|
+
*参考にしたサイト:
|
14
|
-
|
14
|
+
|
15
|
-
http://okochang.hatenablog.jp/entry/2014/03/15/161134
|
15
|
+
[Apache DoS攻撃にそなえる](http://okochang.hatenablog.jp/entry/2014/03/15/161134)
|
16
16
|
|
17
17
|
|
18
18
|
|
@@ -83,3 +83,169 @@
|
|
83
83
|
切り分け方法や対処方法をどなたかアドバイスいただけないでしょうか。
|
84
84
|
|
85
85
|
よろしくお願いします。
|
86
|
+
|
87
|
+
|
88
|
+
|
89
|
+
追記:httpd.confに関して
|
90
|
+
|
91
|
+
抜粋となりますが、以下で設定しています。
|
92
|
+
|
93
|
+
*ご質問頂いた対象箇所がわからなかったため、必要と思われる箇所をこちらで判断しました。確認箇所を追加でご指示いただけると幸いです。
|
94
|
+
|
95
|
+
|
96
|
+
|
97
|
+
```
|
98
|
+
|
99
|
+
/etc/httpd/conf/httpd.conf
|
100
|
+
|
101
|
+
Include conf.d/*.conf
|
102
|
+
|
103
|
+
```
|
104
|
+
|
105
|
+
```
|
106
|
+
|
107
|
+
LoadModule evasive20_module modules/mod_evasive20.so
|
108
|
+
|
109
|
+
|
110
|
+
|
111
|
+
<IfModule mod_evasive20.c>
|
112
|
+
|
113
|
+
# The hash table size defines the number of top-level nodes for each
|
114
|
+
|
115
|
+
# child's hash table. Increasing this number will provide faster
|
116
|
+
|
117
|
+
# performance by decreasing the number of iterations required to get to the
|
118
|
+
|
119
|
+
# record, but consume more memory for table space. You should increase
|
120
|
+
|
121
|
+
# this if you have a busy web server. The value you specify will
|
122
|
+
|
123
|
+
# automatically be tiered up to the next prime number in the primes list
|
124
|
+
|
125
|
+
# (see mod_evasive.c for a list of primes used).
|
126
|
+
|
127
|
+
DOSHashTableSize 3097
|
128
|
+
|
129
|
+
|
130
|
+
|
131
|
+
# This is the threshhold for the number of requests for the same page (or
|
132
|
+
|
133
|
+
# URI) per page interval. Once the threshhold for that interval has been
|
134
|
+
|
135
|
+
# exceeded, the IP address of the client will be added to the blocking
|
136
|
+
|
137
|
+
# list.
|
138
|
+
|
139
|
+
DOSPageCount 2
|
140
|
+
|
141
|
+
|
142
|
+
|
143
|
+
# This is the threshhold for the total number of requests for any object by
|
144
|
+
|
145
|
+
# the same client on the same listener per site interval. Once the
|
146
|
+
|
147
|
+
# threshhold for that interval has been exceeded, the IP address of the
|
148
|
+
|
149
|
+
# client will be added to the blocking list.
|
150
|
+
|
151
|
+
DOSSiteCount 50
|
152
|
+
|
153
|
+
|
154
|
+
|
155
|
+
# The interval for the page count threshhold; defaults to 1 second
|
156
|
+
|
157
|
+
# intervals.
|
158
|
+
|
159
|
+
DOSPageInterval 1
|
160
|
+
|
161
|
+
|
162
|
+
|
163
|
+
# The interval for the site count threshhold; defaults to 1 second
|
164
|
+
|
165
|
+
# intervals.
|
166
|
+
|
167
|
+
DOSSiteInterval 1
|
168
|
+
|
169
|
+
|
170
|
+
|
171
|
+
# The blocking period is the amount of time (in seconds) that a client will
|
172
|
+
|
173
|
+
# be blocked for if they are added to the blocking list. During this time,
|
174
|
+
|
175
|
+
# all subsequent requests from the client will result in a 403 (Forbidden)
|
176
|
+
|
177
|
+
# and the timer being reset (e.g. another 10 seconds). Since the timer is
|
178
|
+
|
179
|
+
# reset for every subsequent request, it is not necessary to have a long
|
180
|
+
|
181
|
+
# blocking period; in the event of a DoS attack, this timer will keep
|
182
|
+
|
183
|
+
# getting reset.
|
184
|
+
|
185
|
+
DOSBlockingPeriod 10
|
186
|
+
|
187
|
+
|
188
|
+
|
189
|
+
# If this value is set, an email will be sent to the address specified
|
190
|
+
|
191
|
+
# whenever an IP address becomes blacklisted. A locking mechanism using
|
192
|
+
|
193
|
+
# /tmp prevents continuous emails from being sent.
|
194
|
+
|
195
|
+
#
|
196
|
+
|
197
|
+
# NOTE: Requires /bin/mail (provided by mailx)
|
198
|
+
|
199
|
+
#DOSEmailNotify you@yourdomain.com
|
200
|
+
|
201
|
+
|
202
|
+
|
203
|
+
# If this value is set, the system command specified will be executed
|
204
|
+
|
205
|
+
# whenever an IP address becomes blacklisted. This is designed to enable
|
206
|
+
|
207
|
+
# system calls to ip filter or other tools. A locking mechanism using /tmp
|
208
|
+
|
209
|
+
# prevents continuous system calls. Use %s to denote the IP address of the
|
210
|
+
|
211
|
+
# blacklisted IP.
|
212
|
+
|
213
|
+
#DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
|
214
|
+
|
215
|
+
|
216
|
+
|
217
|
+
# Choose an alternative temp directory By default "/tmp" will be used for
|
218
|
+
|
219
|
+
# locking mechanism, which opens some security issues if your system is
|
220
|
+
|
221
|
+
# open to shell users.
|
222
|
+
|
223
|
+
#
|
224
|
+
|
225
|
+
# http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
|
226
|
+
|
227
|
+
#
|
228
|
+
|
229
|
+
# In the event you have nonprivileged shell users, you'll want to create a
|
230
|
+
|
231
|
+
# directory writable only to the user Apache is running as (usually root),
|
232
|
+
|
233
|
+
# then set this in your httpd.conf.
|
234
|
+
|
235
|
+
DOSLogDir "/var/lock/mod_evasive"
|
236
|
+
|
237
|
+
|
238
|
+
|
239
|
+
# You can use whitelists to disable the module for certain ranges of
|
240
|
+
|
241
|
+
# IPs. Wildcards can be used on up to the last 3 octets if necessary.
|
242
|
+
|
243
|
+
# Multiple DOSWhitelist commands may be used in the configuration.
|
244
|
+
|
245
|
+
#DOSWhitelist 127.0.0.1
|
246
|
+
|
247
|
+
#DOSWhitelist 192.168.0.*
|
248
|
+
|
249
|
+
</IfModule>
|
250
|
+
|
251
|
+
```
|