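#!/bin/bash
# Installs libapache2-mod-evasive on a Debian/Ubuntu host and writes its
# rate-limiting configuration, then reloads Apache.
#
# Usage: <script> [updateconf]
#   updateconf  force the mod_evasive config file to be rewritten even when
#               it already carries an active configuration.
#
# Background: https://bobcares.com/blog/apache-prevent-ddos/
set -euo pipefail

readonly EVASIVE_CONF="/etc/apache2/mods-enabled/evasive.conf"

# Make sure the script is run as root; re-exec through sudo, keeping arguments.
if [[ $EUID -ne 0 ]]; then
  exec sudo /bin/bash "$0" "$@"
fi

#######################################
# Reports whether a package is fully installed.
# `dpkg -l | grep` also matches packages in the removed-but-configured ("rc")
# state and any package whose name merely contains the string, which would
# skip the install and leave the server without the module.
# Arguments: $1 - package name
# Returns:   0 when dpkg reports "install ok installed", non-zero otherwise
#######################################
is_installed() {
  local status
  # shellcheck disable=SC2016 # ${Status} is a dpkg-query format field
  status=$(dpkg-query -W -f='${Status}' "$1" 2>/dev/null) || return 1
  [[ "$status" == "install ok installed" ]]
}

if ! is_installed "debconf-doc"; then
  echo "Installing debconf-doc..."
  apt-get install -y debconf-doc
fi

if ! is_installed "libapache2-mod-evasive"; then
  # Non-interactive so debconf prompts cannot stall an unattended run:
  # https://askubuntu.com/questions/556385/how-can-i-install-apt-packages-non-interactively
  echo "Installing libapache2-mod-evasive..."
  DEBIAN_FRONTEND=noninteractive apt-get install -y libapache2-mod-evasive
fi

# Decide whether the config has to be (re)written.
# The original test looked for the string "#DOSHashTableSize", which the
# config written below also contains, so every run overwrote the file and
# discarded local tuning (thresholds, DOSWhitelist entries). Test for an
# active directive instead; "updateconf" still forces a rewrite.
write_conf=0
if [[ "${1:-}" == "updateconf" ]]; then
  write_conf=1
elif [[ ! -f "$EVASIVE_CONF" ]]; then
  write_conf=1
elif ! grep -Eq '^[[:space:]]*DOSHashTableSize[[:space:]]' "$EVASIVE_CONF"; then
  write_conf=1
fi

if (( write_conf )); then
  # https://phoenixnap.com/kb/apache-mod-evasive
  # NOTE(review): the heredoc operator was lost on the page this script was
  # taken from; any wrapper lines the original config had around these
  # directives are not visible and are not reconstructed here.
  # NOTE(review): DOSLogDir stays commented out as in the original, so the
  # module uses its built-in default location (upstream documents /tmp -
  # TODO confirm for the packaged build). A dedicated directory writable only
  # by the Apache user is the safer choice on a multi-user host.
  echo "Adding libapache2-mod-evasive config..."
  cat <<'EOT' > "$EVASIVE_CONF"
#DOSHashTableSize Default: 3097 Allocated memory for running the lookup operations. Increasing the size improves the speed at the cost of memory.
DOSHashTableSize 3097
#DOSPageCount Default: 2 The number of requests for an individual page that triggers blacklisting. Increasing value will reduce false-positives.
DOSPageCount 5
#DOSSiteCount Default: 50 The total number of requests for the same site by the same IP address. Increasing value will reduce false-positives.
DOSSiteCount 100
#DOSPageInterval Default: 1 Number of seconds during which DOSPageCount number of requests will trigger blacklisting.
DOSPageInterval 1
#DOSSiteInterval Default: 1 Number of seconds during which DOSSiteCount number of requests will trigger blacklisting.
DOSSiteInterval 1
#DOSBlockingPeriod Default: 10 Number of seconds an IP address stays on the blacklist.
DOSBlockingPeriod 10
#DOSEmailNotify you@yourdomain.com
#DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
#DOSLogDir "/var/log/mod_evasive"
#DOSWhitelist 192.168.0.13
#DOSWhitelist 192.168.0.*
EOT
fi

# Validate the configuration before touching the running server, so a bad
# config is reported here instead of surfacing as a failed reload.
if ! apache2ctl configtest; then
  echo "Apache configuration test failed; not reloading" >&2
  exit 1
fi

systemctl reload apache2
echo 'Installation complete'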