Installing HAProxy:-
You can check for the latest version here: http://haproxy.1wt.eu/#down
At present, 1.5 is at development release 7 (1.5-dev7), and that is the version we are going to use.
Note: The configuration file used here is written to protect a single server, not multiple servers, and was made by HAProxy's author, Willy Tarreau.
First:-
wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev7.tar.gz
tar xvfz haproxy-1.5-dev7.tar.gz
cd haproxy-1.5-dev7
Second:-
Now we have to compile and install it. We are taking CentOS as the example OS.
make install
Third:-
Now make a new directory and create the HAProxy configuration file there
mkdir /etc/haproxy
cd /etc/haproxy
vi haproxy.cfg
Change the IP addresses in the configuration below and copy it into haproxy.cfg
-----------------------------------------------------------------
global
    daemon
    maxconn 20000 # count about 1 GB per 20000 connections
    pidfile /var/run/haproxy.pid
    stats socket /var/run/haproxy.stat mode 600

defaults
    mode http
    maxconn 19500 # Should be slightly smaller than global.maxconn.
    timeout client 60s # Client and server timeout must match the longest
    timeout server 60s # time we may wait for a response from the server.
    timeout queue 60s # Don't queue requests too long if saturated.
    timeout connect 4s # There's no reason to change this one.
    timeout http-request 5s # A complete request may never take that long.
    # Uncomment the following one to protect against nkiller2. But warning!
    # some slow clients might sometimes receive truncated data if last
    # segment is lost and never retransmitted :
    # option nolinger
    option http-server-close
    option abortonclose
    balance roundrobin
    option forwardfor # set the client's IP in X-Forwarded-For.
    option tcp-smart-accept
    option tcp-smart-connect
    retries 2

frontend public
    bind 192.168.1.1:80
    bind 192.168.1.2:80
    bind 192.168.1.3:80
    bind 192.168.1.4:80
    # table used to store behaviour of source IPs
    stick-table type ip size 200k expire 5m store gpc0,conn_rate(10s)
    # IPs that have gpc0 > 0 are blocked until they go away for at least 5 minutes
    acl source_is_abuser src_get_gpc0 gt 0
    tcp-request connection reject if source_is_abuser
    # connection rate abuses get blocked
    acl conn_rate_abuse sc1_conn_rate gt 30
    acl mark_as_abuser sc1_inc_gpc0 gt 0
    tcp-request connection track-sc1 src
    tcp-request connection reject if conn_rate_abuse mark_as_abuser
    default_backend apache

backend apache
    # set the maxconn parameter below to match Apache's MaxClients minus
    # one or two connections so that you can still directly connect to it.
    stats uri /haproxy?stats
    server srv 0.0.0.0:8181 maxconn 254

# Enable the stats page on a dedicated port (8811). Monitoring request errors
# on the frontend will tell us how many potential attacks were blocked.
listen stats
    # Uncomment "disabled" below to disable the stats page :
    # disabled
    bind :8811
    stats uri /
------------------------------------------------------------------
In the above file, replace 192.168.1.1 through 192.168.1.4 with your server's IP addresses.
Fourth:
Change your Apache port to 8181, because the configuration file points HAProxy at it with server srv 0.0.0.0:8181 maxconn 254. In WHM, go to Tweak Settings, find Apache non-SSL IP/port and change it to 8181.
Fifth:
Restart Apache
/etc/init.d/apache2 restart
Last:
Start HAProxy
haproxy -f /etc/haproxy/haproxy.cfg
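Now we have to check that it is working. Go to your stats page:
serverip:8811
Replace serverip with the server IP address used in the configuration file and you will see the full statistics generated by HAProxy. As configured, this page is served on port 8811 of every address with no authentication, so limit who can reach it (a firewall rule, or HAProxy's stats auth directive).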
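To see what the three tcp-request rules in the "frontend public" section do to one source address, here is a small Python model of them. It is an added example, not part of Willy Tarreau's configuration or HAProxy's code. It assumes an exact 10-second sliding window instead of HAProxy's own rate counter, assumes every attempt from a blocked address refreshes the 5-minute expiry (as the comment in the configuration describes), and uses the constructed source address 203.0.113.7.

```python
from collections import deque

# Values taken from the stick-table and acl lines in "frontend public".
RATE_PERIOD = 10.0   # conn_rate(10s)
RATE_LIMIT = 30      # sc1_conn_rate gt 30
EXPIRE = 300.0       # expire 5m

class StickTableModel:
    """Simplified model of the three tcp-request rules, evaluated in order."""

    def __init__(self):
        self.entries = {}  # src -> {"conns": deque, "gpc0": int, "last": float}

    def connection(self, src, now):
        """Return "accept" or "reject" for one connection from src at time now (s)."""
        e = self.entries.get(src)
        if e is not None and now - e["last"] >= EXPIRE:
            e = None                       # idle for 5 minutes: entry expired
        if e is not None and e["gpc0"] > 0:
            # reject if source_is_abuser. Assumption: each attempt refreshes
            # the expiry, which is what the comment in the configuration says.
            e["last"] = now
            return "reject"
        if e is None:                      # track-sc1 src creates the entry
            e = self.entries[src] = {"conns": deque(), "gpc0": 0, "last": now}
        e["last"] = now
        e["conns"].append(now)
        while now - e["conns"][0] >= RATE_PERIOD:   # exact 10 s sliding window
            e["conns"].popleft()
        if len(e["conns"]) > RATE_LIMIT:   # conn_rate_abuse
            e["gpc0"] += 1                 # mark_as_abuser (sc1_inc_gpc0)
            return "reject"
        return "accept"

def replay(times, src="203.0.113.7"):
    """Feed constructed connection timestamps from one source through the model."""
    table = StickTableModel()
    return [table.connection(src, t) for t in times]

if __name__ == "__main__":
    flood = [i * 0.1 for i in range(40)]          # 10 conn/s for 4 s
    retries = [60.0 * k for k in range(1, 7)]     # one attempt per minute
    verdicts = replay(flood + retries + [660.0])  # 660 s = 300 s after last try
    print(verdicts.count("accept"), "accepted;", "last:", verdicts[-1])
```

In this model a flooding source is cut off at its 31st connection inside 10 seconds and stays blocked for as long as it keeps retrying; it is accepted again only after 5 minutes without any attempt.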