mod_qos
http://mod-qos.sourceforge.net/
QoS (Quality of Service) の制御を可能とするモジュール。
Slowloris 攻撃の対策に Lynis にサジェストされる。
インストール
yum install epel-release && yum update
yum install mod_qos
公式のサンプル
cat << "_EOF_" >> /etc/httpd/conf.modules.d/10-mod_qos.conf
QS_ErrorPage /error-docs/qs_error.html
# restricts max concurrent requests for any location which has no
# individual rule:
QS_LocRequestLimitDefault 200
# limits access to *.gif files to 100 concurrent requests:
QS_LocRequestLimitMatch "^.*\.gif$" 100
# limits concurrent requests to the locations /images and /app/a:
QS_LocRequestLimit /images 100
QS_LocRequestLimit /app/a 300
# limits download bandwidth to 5Mbit/sec:
QS_LocKBytesPerSecLimit /app/a 640
# two locations (/app/b and /app/c) representing a single application:
QS_LocRequestLimitMatch "^(/app/b/|/app/c/).*$" 300
# allows the application to nominate VIP users by sending a
# "mod-qos-vip" HTTP response header:
QS_VipHeaderName mod-qos-vip
QS_SessionKey na&5san-sB.F4_0a=%D200ahLK1
<Location /qos>
SetHandler qos-viewer
</Location>
<Location /qos/console>
SetHandler qos-console
</Location>
_EOF_
コマンド
/usr/bin 配下に以下のコマンドがインストールされる。
-
qscheck
- Monitor programm testing the TCP connectivity to servers.
-
qsfilter2
- access/audit ログから QS_Permit* ディレクティブとルールパターンを作成するルールジェネレーター
-
qsgeo
- Adds the country code for the client IP address within a log file.
-
qsgrep
- Searches a file for a pattern and prints the data in a new format.
-
qshead
- an utility reading from stdin and printing all lines to stdout until reaching the defined pattern.
-
qslogger
- Shell command interface to the syslog(3) system log module.
-
qspng
- Creates graphics (png images) from the output of qslog.
-
qssign
- A log data integrity check tool. It reads log data from stdin (pipe) and writes the signed data to stdout adding a sequence number and signatur to ever log line.
- qssign.rb is a Logstash filter plugin which may be used to verify the signatures of log messages in real time.
-
qstail
- Shows the end of a log file beginning at a defined pattern.