DDoS (Distributed Denial of Service) attacks are threats that reduce service efficiency by consuming server resources. To provide effective protection against such attacks, it is essential to first understand the source and impact of the attack. Below are detailed steps to ensure DDoS protection on a Linux server.
First, we need to configure the server firewall using iptables. You can set up a basic configuration using the following commands:
Turkey (Türkçe)
Worldwide (English)
sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 10/minute --limit-burst 20 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 10/minute --limit-burst 20 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j DROP
sudo iptables -A INPUT -p tcp --dport 443 -j DROP
Fail2Ban is a tool that automatically blocks IP addresses when it detects attacks on your server. You can install Fail2Ban with the following steps:
sudo apt update
sudo apt install fail2ban
After installation, edit the configuration file:
sudo nano /etc/fail2ban/jail.local
Add the following lines:
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/access.log
maxretry = 300
findtime = 300
bantime = 600
Some service providers offer DDoS protection services. Services like Cloudflare or Sucuri can prevent attacks by filtering traffic. To use these services, you will need to change your server's DNS settings.
To improve the performance of your web server, consider using a web server like LiteSpeed or Nginx. For example, the Nginx configuration would be:
server {
listen 80;
server_name example.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
To maintain the security of your server, you should regularly perform updates and set up monitoring systems. Tools like Nagios or Zabbix can help you track anomalies in your system.
ConclusionProviding protection against DDoS attacks requires continuous effort. By following the steps above, you can create a basic protection mechanism on your server. However, security is never 100% guaranteed; therefore, it is essential to stay updated and be prepared for new threats.
Copyright © 2026 All Rights Reserved
