How to Protect Your Linux Server Against DDoS Attacks

DDoS (Distributed Denial of Service) attacks aim to overwhelm your server’s resources by flooding it with traffic. Here’s how to protect your Linux server against common DDoS vectors using basic tools and techniques.

1. Use a Reverse Proxy or CDN (Cloudflare)

A service like Cloudflare or DDoS-Guard acts as a shield between your server and attackers:

  • Protects your real IP address
  • Automatically mitigates common HTTP flood attacks
  • Includes rate-limiting, bot filtering, and caching

2. Rate Limiting with iptables

Limit the number of incoming connections per IP:

sudo iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j DROP

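This limits each source IP to 20 simultaneous connections on port 80; further connection attempts (SYN packets) from that IP are dropped. Clients that share one public address, such as users behind the same NAT gateway, count as a single IP.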

3. Block IPs with Too Many Requests

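Track new connections per source IP with the recent module and drop sources that open 20 or more within 10 seconds:

sudo iptables -A INPUT -p tcp --syn --dport 80 -m recent --name ddos --set
sudo iptables -A INPUT -p tcp --syn --dport 80 -m recent --name ddos --update --seconds 10 --hitcount 20 -j DROP

The --syn match makes these rules count new connections. Without it, every packet to port 80 is counted, and an ordinary page load can reach the limit.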

4. Use Fail2ban to Block Suspicious IPs

Create or edit the jail file for HTTP:

sudo nano /etc/fail2ban/jail.d/http-get-dos.conf

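Paste the following configuration. It bans an IP for 600 seconds (bantime) once that IP produces 300 matching log lines (maxretry) within 300 seconds (findtime). The filter line refers to a filter definition named http-get-dos, which fail2ban loads from /etc/fail2ban/filter.d/http-get-dos.conf, so that file must exist for the jail to start: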

[http-get-dos]
enabled = true
port    = http,https
filter  = http-get-dos
logpath = /var/log/apache2/access.log
maxretry = 300
findtime = 300
bantime = 600
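
To check these thresholds against real traffic before enabling the jail, the added example below (not part of the original article) replays access log lines through an approximation of the maxretry/findtime window. It assumes the http-get-dos filter, which this page does not show, counts every GET request per client IP; the function names and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumption: the http-get-dos filter (not shown on this page) counts every
# GET request line in the Apache access log, keyed by client IP.
GET_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET ')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def would_ban(lines, maxretry=300, findtime=300):
    """Map each IP that reaches maxretry GETs within findtime seconds
    to the timestamp of the request that crosses the threshold."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = {}
    for line in lines:            # lines must be in chronological order
        m = GET_LINE.match(line)
        if not m or m["ip"] in banned:
            continue              # not a GET line, or IP already banned
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        hits = recent[m["ip"]]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > findtime:
            hits.popleft()        # forget requests older than findtime
        if len(hits) >= maxretry:
            banned[m["ip"]] = ts
    return banned

def sample_log():
    """Constructed access log (documentation IP ranges), 20 minutes of traffic."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    events += [(i // 5, "203.0.113.10") for i in range(450)]   # 5 requests/s burst
    events += [(i * 2, "192.0.2.5") for i in range(600)]       # 1 request every 2 s
    events += [(i * 10, "198.51.100.7") for i in range(120)]   # 1 request every 10 s
    events.sort(key=lambda e: e[0])
    return [
        f'{ip} - - [{(start + timedelta(seconds=s)).strftime(TS_FORMAT)}] '
        f'"GET /index.html HTTP/1.1" 200 512'
        for s, ip in events
    ]

if __name__ == "__main__":
    log = sample_log()
    for label, kwargs in (("page values", {}), ("maxretry = 100", {"maxretry": 100})):
        print(label)
        for ip, ts in would_ban(log, **kwargs).items():
            print(f"  ban {ip} at {ts:%H:%M:%S}")
```

With the page's values only the 5 requests/s client is banned; lowering maxretry to 100 also bans the client sending one request every 2 seconds, which shows how a steady but legitimate client can be caught when the threshold is tightened.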

5. Hide Your Real IP Address

  • Use a VPS behind a proxy or NAT server
  • Always check that your server IP is not exposed in DNS records

6. Monitor Traffic in Real-Time

Install tools like:

  • iftop - Network usage monitor
  • netstat - View open connections
  • htop - View CPU and memory load

7. Consider Enterprise DDoS Protection

For business-critical applications, consider paid services from providers like:

  • Cloudflare Enterprise
  • Imperva
  • Akamai

Summary

DDoS protection requires a combination of proactive measures and real-time defense. Begin with firewall rules and services like Cloudflare, and escalate to enterprise protection if needed.
