(D)DoS protection with mod_evasive
mod_evasive snuffs out brute force attacks as well as (D)DoS onslaughts:
mod-evasive – http://www.zdziarski.com/blog/?page_id=442
Assume root to install it:
sudo aptitude install libapache2-mod-evasive
sudo a2enmod mod-evasiveThat enables the tool, restarts Apache, and sets a generic configuration that blocks IPs when a page is requested more than a few times per second, given over 50 simultaneous requests or when the requesting IP is blacklisted. Read the docs and have a tweak.
Note
Do I need (D)DoS protection?
Probably not. If you do receive an unwelcome network traffic spike, then Snort and OSSEC will clue you in as to what's going on. That's the time to enable a module like this, else if you're expecting trouble, but it makes sense to have it readily configured, although disabled, for an emergency situation.
A bit like with the rootkit scenario, DoS or (D)DoS attacks sometimes evade a tool, so it's best to have another in reserve as well:
(D)DoS Deflate – http...
