質問編集履歴

access_logの追加

2016/01/09 08:35

投稿

退会済みユーザー

スコア0

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -132,4 +132,58 @@
     #DOSWhitelist   127.0.0.1
     #DOSWhitelist   192.168.0.*
 </IfModule>
+```
+追記2:access_log
+access_logは全て200で返ってきています。
+＊しきい値を超えている付近を抜粋。
+```
+127.0.0.1 - - [09/Jan/2016:08:14:17 +0000] "GET /?38 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:17 +0000] "GET /?39 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:18 +0000] "GET /?40 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:18 +0000] "GET /?41 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:18 +0000] "GET /?42 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:19 +0000] "GET /?43 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:19 +0000] "GET /?44 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:19 +0000] "GET /?45 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:20 +0000] "GET /?46 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:20 +0000] "GET /?47 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:21 +0000] "GET /?48 HTTP/1.0" 200 2926 "-" "-"
+127.0.0.1 - - [09/Jan/2016:08:14:21 +0000] "GET /?49 HTTP/1.0" 200 2926 "-" "-"
+```
+念のため、外部サーバから```ab -n 50 -c 10 http://サーバ名/```も実施しましたがこちらも200で返ってきてます。
+＊しきい値を超えている付近を抜粋。ソースアドレスをXXX.XXX.XXX.XXXで置き換え
+```
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:07 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:07 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:08 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:09 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:11 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:12 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:14 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:15 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:16 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:16 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:18 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
+XXX.XXX.XXX.XXX - - [09/Jan/2016:08:12:19 +0000] "GET / HTTP/1.0" 200 2948 "-" "ApacheBench/2.3"
 ```

初心者マーク

2016/01/09 08:34

投稿

退会済みユーザー

スコア0

title CHANGED Viewed

File without changes

body CHANGED Viewed

File without changes

追記の修正

2016/01/09 06:09

投稿

退会済みユーザー

スコア0

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -48,9 +48,18 @@
 ```
 /etc/httpd/conf/httpd.conf
+・
+・
+・
 Include conf.d/*.conf
+・
+・
+・
 ```
 ```
+/etc/httpd/conf.d/mod_evasive.conf
 LoadModule evasive20_module modules/mod_evasive20.so
 <IfModule mod_evasive20.c>

追記：httpd\.confに関して

2016/01/09 05:46

投稿

退会済みユーザー

スコア0

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -4,8 +4,8 @@
 ・導入にあたって
 yumを使うやり方とソースから導入するやり方があるようですが、yumを使うやり方を選択。
-＊参考にしたサイト：Apache DoS攻撃にそなえる
+＊参考にしたサイト：
-http://okochang.hatenablog.jp/entry/2014/03/15/161134
+[Apache DoS攻撃にそなえる](http://okochang.hatenablog.jp/entry/2014/03/15/161134)
 AmazonLinuxはEPELリポジトリの追加は特に必要ないようなので、
 ```
@@ -40,4 +40,87 @@
 Server version: Apache/2.2.31 (Unix)
 Server built: Aug 13 2015 23:45:37
 切り分け方法や対処方法をどなたかアドバイスいただけないでしょうか。
-よろしくお願いします。
+よろしくお願いします。
+追記：httpd.confに関して
+抜粋となりますが、以下で設定しています。
+＊ご質問頂いた対象箇所がわからなかったため、必要と思われる箇所をこちらで判断しました。確認箇所を追加でご指示いただけると幸いです。
+```
+/etc/httpd/conf/httpd.conf
+Include conf.d/*.conf
+```
+```
+LoadModule evasive20_module modules/mod_evasive20.so
+<IfModule mod_evasive20.c>
+    # The hash table size defines the number of top-level nodes for each
+    # child's hash table.  Increasing this number will provide faster
+    # performance by decreasing the number of iterations required to get to the
+    # record, but consume more memory for table space.  You should increase
+    # this if you have a busy web server.  The value you specify will
+    # automatically be tiered up to the next prime number in the primes list
+    # (see mod_evasive.c for a list of primes used).
+    DOSHashTableSize    3097
+    # This is the threshhold for the number of requests for the same page (or
+    # URI) per page interval.  Once the threshhold for that interval has been
+    # exceeded, the IP address of the client will be added to the blocking
+    # list.
+    DOSPageCount       2
+    # This is the threshhold for the total number of requests for any object by
+    # the same client on the same listener per site interval.  Once the
+    # threshhold for that interval has been exceeded, the IP address of the
+    # client will be added to the blocking list.
+    DOSSiteCount        50
+    # The interval for the page count threshhold; defaults to 1 second
+    # intervals.
+    DOSPageInterval     1
+    # The interval for the site count threshhold; defaults to 1 second
+    # intervals.
+    DOSSiteInterval     1
+    # The blocking period is the amount of time (in seconds) that a client will
+    # be blocked for if they are added to the blocking list.  During this time,
+    # all subsequent requests from the client will result in a 403 (Forbidden)
+    # and the timer being reset (e.g. another 10 seconds).  Since the timer is
+    # reset for every subsequent request, it is not necessary to have a long
+    # blocking period; in the event of a DoS attack, this timer will keep
+    # getting reset.
+    DOSBlockingPeriod   10
+    # If this value is set, an email will be sent to the address specified
+    # whenever an IP address becomes blacklisted.  A locking mechanism using
+    # /tmp prevents continuous emails from being sent.
+    #
+    # NOTE: Requires /bin/mail (provided by mailx)
+    #DOSEmailNotify      you@yourdomain.com
+    # If this value is set, the system command specified will be executed
+    # whenever an IP address becomes blacklisted.  This is designed to enable
+    # system calls to ip filter or other tools.  A locking mechanism using /tmp
+    # prevents continuous system calls.  Use %s to denote the IP address of the
+    # blacklisted IP.
+    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
+    # Choose an alternative temp directory By default "/tmp" will be used for
+    # locking mechanism, which opens some security issues if your system is
+    # open to shell users.
+    #
+    #   http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
+    #
+    # In the event you have nonprivileged shell users, you'll want to create a
+    # directory writable only to the user Apache is running as (usually root),
+    # then set this in your httpd.conf.
+    DOSLogDir           "/var/lock/mod_evasive"
+    # You can use whitelists to disable the module for certain ranges of
+    # IPs. Wildcards can be used on up to the last 3 octets if necessary.
+    # Multiple DOSWhitelist commands may be used in the configuration.
+    #DOSWhitelist   127.0.0.1
+    #DOSWhitelist   192.168.0.*
+</IfModule>
+```