How to install mod_evasive in cPanel server?

What’s mod_evasive?

Mod evasive is an Apache module which provide evasive action in case of any Denial Of Service attack or in case of any brute-force attack. It helps to protect the server from DOS or DDOS attacks.

Mod evasive prevents any single IP address from any of the following:

  1. Requesting the same page more than a few times per second
  2. Making more than 50 concurrent requests on the same child per second
  3. Making any request while temporarily blacklisted (on a blocking list)

Here, the mod_evasive installation is specific for cPanel servers.

Installation steps for Apache 2.2

Download the mod_evasive source file to the server

# cd /usr/local/src

# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

Extract the zip file that we downloaded to the server

# tar -xvzf mod_evasive_1.10.1.tar.gz

# cd mod_evasive

To load dynamic modules to Apache, use apxs

# /usr/local/apache/bin/apxs -cia mod_evasive20.c

This will create an entry in the Apache configuration file for mod_evasive. To retain this entry after Apache rebuild/upgrade we need to run the following command. Otherwise cPanel will take out this entry from Apache configuration file after Apache rebuild/upgrade.

# /usr/local/cpanel/bin/apache_conf_distiller --update

Next is to create mod_evasive configuration file and then need to add the following configuration to it:

root@server [~]# cat /usr/local/apache/conf/mod_evasive.conf
LoadModule evasive20_module   modules/mod_evasive20.so

DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10

Now include the file “/usr/local/apache/conf/mod_evasive.conf” in the file /usr/local/apache/conf/includes/pre_main_global.conf

# root@server [~]# cat  /usr/local/apache/conf/includes/pre_main_global.conf
Include /usr/local/apache/conf/mod_evasive.conf

Then, rebuild Apache and restart it

# /scripts/rebuildhttpdconf

# /etc/init.d/httpd restart

Installation steps for Apache 2.4

Download the mod_evasive source file to the server

# cd /usr/local/src

# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

Extract the zip file that we downloaded to the server

# tar -xvzf mod_evasive_1.10.1.tar.gz

# cd mod_evasive

Now, if you attempt to build mod_evasive20.c for Apache 2.4, you’ll receive an error. That is if you run /usr/local/apache/bin/apxs -cia mod_evasive20.c you’ll get the following error:

mod_evasive20.c: In function 'access_checker':
mod_evasive20.c:142: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:146: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:158: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:165: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:180: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:187: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:208: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:212: warning: implicit declaration of function 'getpid'
mod_evasive20.c:215: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:221: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:222: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:228: error: 'conn_rec' has no member named 'remote_ip'
apxs:Error: Command failed with rc=65536

Now, you need to follow these steps for Apache 2.4

#cp mod_evasive{20,24}.c
#sed s/remote_ip/client_ip/g -i mod_evasive24.c

Now, build mod_evasive for Apache 2.4

# apxs -i -a -c mod_evasive24.c

This will create an entry in the Apache configuration file for mod_evasive as below.

root@server [~]# grep mod_evasive /usr/local/apache/conf/httpd.conf
LoadModule evasive20_module   modules/mod_evasive24.so

To retain this entry after Apache rebuild/upgrade run the following command:

# /usr/local/cpanel/bin/apache_conf_distiller --update

Then, create mod_evasive configuration file and add the following configuration to it:

root@server [~]# cat /usr/local/apache/conf/mod_evasive.conf
LoadModule evasive20_module   modules/mod_evasive24.so

DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10

Now include the file “/usr/local/apache/conf/mod_evasive.conf” in the file “/usr/local/apache/conf/includes/pre_main_global.conf”

root@server [~]# cat  /usr/local/apache/conf/includes/pre_main_global.conf
Include /usr/local/apache/conf/mod_evasive.conf

Then, rebuild Apache and restart it

# /scripts/rebuildhttpdconf

# /etc/init.d/httpd restart

Done!!

Related

1, The XCache – Simple way to install Xcache from source code
2, Disable Directory listing in Apache on RHEL/CentOS server – An easy way from Whm/cPanel
3, Apache error: No space left on device: mod_rewrite: Parent could not create RewriteLock

Heba Habeeb

Working as a Linux Server Admin, Infopark, Cochin, Kerala.

You may also like...

1 Response

  1. Babbler says:

    Hi Heba
    Your article was the clearest on this subject that I could find after an extensive search for how to install mod_evasive on a cpanel server so many thanks.
    I’d now like to log the activity of the module but you don’t details this aspect.
    Would you consider adding some information about achieving this to this article?

Leave a Reply

Your email address will not be published. Required fields are marked *