If you are seeking information on how to install as well as configure the httpd-guardian script of Apache that lets you use the SecGuardianLog directive of ModSecurity, then we have all the information that you might need. Web server requests are monitored by this script, via the piped log mechanism, in order to detect DoS (Denial-of-Service) attacks.
The number of requests sent by that IP address is tracked by it. Subsequently, it calculates request speed at intervals of one minute and five minutes. Once the requests have reached a specified threshold, the httpd-guardian script either issues a warning or blocks the IP address. It is the /var/log/apache2/error_log file in which the error messages from the httpd-guardian script reside.
Post downloading and configuring the httpd-guardian script, the path to the script in the Guardian Log section could be specified. The Guardian Log section is in the ModSecurity Configuration interface of WHM.
WHM >> Home >> Security Center >> Modsecurity Configuration
It needs to be mentioned here that the httpd-guardian script ships with The Spread toolkit’s version, which is an open source toolkit, and can be configured. It is important to note that the script does not require this toolkit in order to function accurately.
Since the ModSecurity Guardian Log is part of WHM, let us touch upon WHM before elaborating on the installation and configuration process.
What is WHM?
WHM is the abbreviation for Web Host Manager. It is a web application that is used to gain administrative control over a server. It is the server management interface from cPanel. WHM is used along with cPanel for creating individual accounts, managing hosting features, adding domains, and for performing maintenance. WHM enables administrative access to the back end of cPanel. End users are able to control many activities, including adding or removing email accounts, administering MySQL databases, etc.
The suite of tools provided by WHM aids in getting the following activities done:
Manage and monitor your sites, including password resets.
Check server information and status.
Create, delete, and suspend cPanel accounts.
Check and change the DNS zones of your domain.
Configure customers’ support requests through cPanel.
Create default page while creating a new account.
Change client domain names and user names.
Customize hosting and control panel with regard to branding initiatives.
Access and change anything that does not need SQL access.
In the context of web servers, these are provided by web hosting companies. Space on web servers can be availed from web hosting service providers to host the files of websites for the purpose of ensuring that websites are accessible over the Internet. The service of web hosting makes it possible for websites to remain accessible. In web hosting, not only server space but also the necessary technologies and services are made available through various hosting plans, which could be shared, dedicated, reseller, VPS, cloud, WordPress, etc. Terms such as the “Best Cloud Hosting Company”, the “Best Website Hosting Company”, the “Best Windows Hosting Company” are used for those website hosting service providers that have gained popularity as the most reliable service providers.
How to Install and Configure the httpd-guardian Script?
The below-mentioned steps need to be carried out in order to install and configure the httpd-guardian script.
1. Download the apache-tools repository from the sourceforge.net website. You need to run the following command, as the root user, for that purpose:
cvs -z3 -d:pserver:anonymous@a.cvs.sourceforge.net:/cvsroot/apache-tools co -P apache-tools
It needs to be mentioned here that if CVS (Concurrent Versioning System) is not present on your system, then you need to install it through the yum install cvs command.
2. The /root/apache-tools/http-guardian file needs to be opened with a text editor. Then you can make any configuration change that you desire. Let us take an example to understand it better. You have to set the value of the variable for COPY_LOG to the filepath of the log file for enabling the system to log data which it receives from Apache. This resembles the below-mentioned example.
# $COPY_LOG = "/var/lib/http-guardian.log";
my $COPY_LOG;
3. Log in to the WHM interface as the root user. Navigate to the ModSecurity Configuration interface of WHM.
WHM >> Home >> Security Center >> Modsecurity Configuration
4. Enter the path of the httpd-guardian script in the text box of the Guardian Log’s setting. Let us understand it with the help of the below-mentioned example.
/root/apache-tools/httpd-guardian
5. Restart Apache after you have saved your changes in the ModSecurity Configuration interface of WHM.
WHM >> Home >> Security Center >> Modsecurity Configuration
Next, check the process list for the httpd-guardian script by running the following command:
ps faux | grep httpd-guardian | grep -v grep
The output resembles the following example:
root 24722 0.0 0.3 28872 3272 ? S 19:31 0:00 \_ /usr/bin/perl -w /root/apache-tools/httpd-guardian
Now you are through with the process.
Comments