本文介绍了如何安装及配置CSF防火墙来保护服务器安全。主要内容包括:安装步骤、防范DDoS攻击的方法(通过设置连接阈值和目标端口)、限制单一IP的连接数以及禁用内存不足时发送邮件通知等功能。
1. 安装 Login as the root user to SSH and run the following commands. rm -fv csf.tgz wget http://www.configserver.com/free/csf.tgz apt-get install libwww-perl tar -xzf csf.tgz cd csf sh install.sh 2. 防范DDOS攻击 Step 1 : Open the CSF configuration file /etc/csf/csf.conf
Step 2 : In that search for option called CT_LIMIT, by default it will be like CT_LIMIT=0 , change this to CT_LIMIT=90 ,here 90 is the max no.of connections from an IP to your server ( choose this value according to your server usage )
Step 3:Now search for option called CT_PORTS.This option is used to specify the port for which you want prevent DOS attack.Since our aim is to prevent the DOS attck to apache – port 80 , change CT_PORTS = “” to CT_PORTS = “80″
3. 限制每个IP连接数
CONNLIMIT = "80;7"
4. PT_LIMIT = "0" 禁止程序内存不足时,发邮件
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
