How to install vDDoS Protection - Reverse Proxy Layer 7 Firewall Filter Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack

What is vDDoS Protection?

vDDoS Protection is free software to provide a Reverse Proxy Server HTTP(S) protocols. It act as a Layer 7 Firewall Filter & Mitigate DOS, DDOS, SYN Floods, or HTTP Floods attack to protect your website.

Features:

-Reverse Proxy
-DDoS Protection
-Robot Mitigator
-HTTP challenge/response
-reCaptcha Robot challenge
-HTTP Denial of Service tools
-Cookie challenge/response
-Block/Allow Country Code You Want (Status 403)
-Limit the request connection coming from a single IP address (Status 503)
-CDN Support (CloudFlare, Incapsula...)
-Whitelist for Botsearch (SEO Support, Allow Botsearch: Google, Alexa, Bing, Yahoo, Yandex, Facebook...)

How it work?

vDDoS Protection is Nginx bundled with module HTTP/2; GeoIP; Limit Req, Testcookie; reCaptcha processor... Working like CloudFlare, but vDDoS is software help you build your own System Firewall.

If your site does not use protection service: (accept all queries)

If your site uses protection service: (challenge all queries)
-Human queries:

-Bad Bots queries:

How to install vDDoS?
-vDDoS Protection only support CentOS Server 5/6/7 x86_64 (http://centos.org) & CloudLinux Server 5/6/7 x86_64 (http://cloudlinux.com)

-Please go to Homepage and download vDDoS Protection version working on your system (https://github.com/duy13/vDDoS-Protection)

-vDDoS Protection should be installed before installing other things (cPanel, VestaCP, LAMP, LEMP...)

yum -y install epel-release 
yum -y install curl wget gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed gcc automake autoconf apr-util-devel gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed 

Example: my system is CentOS 7 x86_64 install vDDoS 1.10.1 Version (only need wget a file vddos-1.10.1-centos7):

curl -L https://github.com/duy13/vDDoS-Protection/raw/master/vddos-1.10.1-centos7 -o /usr/bin/vddos
chmod 700 /usr/bin/vddos
/usr/bin/vddos help

/usr/bin/vddos setup

(This installation takes about 15 minutes or more)

vDDoS Command Line?

   Welcome to vDDoS, a HTTP(S) DDoS Protection Reverse Proxy. Thank you for using!

                Command Line Usage:
        vddos setup             :installing vDDoS service for the first time into /vddos
        vddos start             :start vDDoS service
        vddos stop              :stop vDDoS service
        vddos restart           :restart vDDoS service
        vddos autostart         :auto-start vDDoS services on boot
        vddos attack            :create a DDoS attacks to HTTP target (in 30 min)
        vddos stopattack        :stop "vddos attack" command
        vddos help              :display this help

                                        Please sure download vDDoS source from: vddos.voduy.com

How to use vDDoS protect your website?
Please edit your website.conf file in /vddos/conf.d
Example Edit my website.conf:

# nano /vddos/conf.d/website.conf

# Website       Listen               Backend                  Cache Security SSL-Prikey   SSL-CRTkey
default         http://0.0.0.0:80    http://127.0.0.1:8080    no    200      no           no
your-domain.com http://0.0.0.0:80    http://127.0.0.1:8080    no    200      no           no
default         https://0.0.0.0:443  https://127.0.0.1:8443   no    307      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
your-domain.com https://0.0.0.0:443  https://127.0.0.1:8443   no    307      /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt
your-domain.com https://0.0.0.0:4343 https://103.28.249.200:443 yes click    /vddos/ssl/your-domain.com.pri /vddos/ssl/your-domain.com.crt

"your-domain.com" is my site on my Apache backend http://127.0.0.1:8080 want to be Protection by vDDoS
"default" is option for All remaining sites
/vddos/ssl/your-domain.com.pri is SSL Private key my website
/vddos/ssl/your-domain.com.crt is SSL Public key my website

Cache:
variable: no, yes (Sets proxy cache website on vDDoS)
Security:
variable: no, 307, 200, click, 5s, high, captcha (Sets a valid for Security Level Protection)
Note Security Level: no < 307 < 200 < click < 5s < high < captcha

Restart vDDoS after saving:

vddos restart

Set Real IP traffic from Proxy or CDN:
Please edit file cdn-ip.conf

# nano /vddos/conf.d/cdn-ip.conf

# Cloudflare
set_real_ip_from 103.21.244.0/22;
...

Deny Country or IP:
Please edit file blacklist-countrycode.conf

# nano /vddos/conf.d/blacklist-countrycode.conf

geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
    default yes;
    US yes;
    CN no;
    
}
deny 1.1.1.1;

Allow your IP Address do not need protection & challenge:
Please edit file whitelist-botsearch.conf

# nano /vddos/conf.d/whitelist-botsearch.conf

#Alexa Bot IP Addresses
204.236.235.245; 75.101.186.145;
...

Use Mode reCaptcha:
Please edit file recaptcha-secretkey.conf & recaptcha-sitekey.conf

# nano /vddos/conf.d/recaptcha-sitekey.conf
# Website        reCaptcha-sitekey (View KEY in https://www.google.com/recaptcha/admin#list)
your-domain.com        6Lcr6QkUAAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx
your-domain.org        6Lcr6FFFAAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx
...

# nano /vddos/conf.d/recaptcha-secretkey.conf
DEBUG=False
RE_SECRETS = { 'your-domain.com': '6Lcr6QkUAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx',
               'your-domain.org': '6LcKngoUAAAAxxxxxxxxxxxxxxxxxxxxxxxxxxx' }

(Go to https://www.google.com/recaptcha/admin#list and get your key for vDDoS)

Recommend?


-Recommend You use vDDoS with CloudFlare Free/Pro (hide your website real IP Address)
(CloudFlare is Mitigate Firewall Layer 3-4)
(vDDoS Protection is Mitigate Firewall Layer 7)

-Download vDDoS Protection packages from vDDoS HomePages
-Use this soft only for testing or demo attack!