Tuesday, July 8, 2014

Prevent DNS Injections Apache Web Server


To prevent DNS injection attacks, which are attacks that can inject fake DNS names into your server's cache, you need to add another module to Apache. Follow these steps:
  • Open a terminal window
  • Issue the command sudo apt-get -y install libapache2-mod-spamhaus
  • After the installation completes, issue the command sudo touch /etc/spamhaus.wl.
  • Issue the command sudo chown -R www-data:root /var/log/apache2/evasive.
  • With the module installed, open the /etc/apache2/apache2.conf file (using sudo and your favorite text editor) and append the following to the bottom of your configuration file:
    
      MS_METHODS POST,PUT,OPTIONS,CONNECT 
      MS_WhiteList /etc/spamhaus.wl 
      MS_CacheSize 256 
    
    
  • Save the apache2.conf file and restart Apache so the new module will take effect.

Prevent DDoS attacks in Apache Web Server

There is an Apache module that was created to prevent a DDoS attack, although it's probably not installed by default. Follow these steps to install the module.

  • Open your terminal window.
  • Issue the command sudo apt-get -y install libapache2-mod-evasive.
  • Issue the command sudo mkdir -p /var/log/apache2/evasive.
  • Issue the command sudo chown -R www-data:root /var/log/apache2/evasive.
  • Open the /etc/apache2/mods-available/mod-evasive.load file (using sudo and your favorite text editor) and append the following to the bottom of that file (this is one configuration per line):


    # Apache does not allow a comment on the same line as a directive,
    # so each comment sits on the line above the directive it describes.
    DOSHashTableSize 2048
    # maximum number of requests for the same page
    DOSPageCount 20
    # total number of requests for any object by the same client IP on the same listener
    DOSSiteCount 300
    # interval for the page count threshold
    DOSPageInterval 1.0
    # interval for the site count threshold
    DOSSiteInterval 1.0
    # time that a client IP will be blocked for
    DOSBlockingPeriod 10.0
    DOSLogDir "/var/log/apache2/evasive"
    DOSEmailNotify admin@domain.com

  • Save the apache2.conf file and restart Apache so the new module will take effect.
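
To see what the thresholds in the configuration above mean for a client, the following added example (not code from the original post or from mod_evasive itself) models the counters in Python and replays constructed traffic through them. The names EvasiveModel and replay, the sample requests, and the rule that requests made during a block restart the blocking timer are assumptions of this model.

```python
# Thresholds copied from the configuration above.
PAGE_COUNT, PAGE_INTERVAL = 20, 1.0   # DOSPageCount, DOSPageInterval
SITE_COUNT, SITE_INTERVAL = 300, 1.0  # DOSSiteCount, DOSSiteInterval
BLOCKING_PERIOD = 10.0                # DOSBlockingPeriod


class EvasiveModel:
    """Simplified model of per-client request counting (an assumption,
    not mod_evasive's source code)."""

    def __init__(self):
        self.hits = {}        # key -> (window_start, count)
        self.blocked_at = {}  # ip -> time of the most recent refused request

    def _over(self, key, now, limit, interval):
        start, count = self.hits.get(key, (now, 0))
        if now - start >= interval:  # interval elapsed: start a new window
            start, count = now, 0
        self.hits[key] = (start, count + 1)
        return count + 1 > limit

    def request(self, ip, uri, now):
        """Return the status a client would get at time `now` (seconds)."""
        last = self.blocked_at.get(ip)
        if last is not None and now - last < BLOCKING_PERIOD:
            self.blocked_at[ip] = now  # assumption: hits while blocked restart the timer
            return 403
        page = self._over((ip, uri), now, PAGE_COUNT, PAGE_INTERVAL)
        site = self._over((ip,), now, SITE_COUNT, SITE_INTERVAL)
        if page or site:
            self.blocked_at[ip] = now
            return 403
        return 200


def replay(requests):
    """requests: list of (time, ip, uri); returns the status of each one."""
    model = EvasiveModel()
    return [model.request(ip, uri, t) for t, ip, uri in requests]


# Constructed sample traffic (documentation IP ranges, not real clients).
BURST = [(i * 0.04, "203.0.113.5", "/index.html") for i in range(25)]
RETRIES = [(t, "203.0.113.5", "/index.html") for t in (5.0, 12.0, 23.0)]
SLOW = [(float(s), "198.51.100.7", "/index.html") for s in range(5)]

if __name__ == "__main__":
    print(replay(BURST + RETRIES))
    print(replay(SLOW))
```

In this model the burst is refused from the 21st request onward, the retries at 5 and 12 seconds are still refused because each one restarts the 10-second block, and the request at 23 seconds is served again. The client sending one request per second never reaches either threshold.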