What’s mod_evasive?

Mod evasive is an Apache module which provide evasive action in case of any Denial Of Service attack or in case of any brute-force attack. It helps to protect the server from DOS or DDOS attacks.

Mod evasive prevents any single IP address from any of the following:

  1. Requesting the same page more than a few times per second
  2. Making more than 50 concurrent requests on the same child per second
  3. Making any request while temporarily blacklisted (on a blocking list)

Here, the mod_evasive installation is specific for cPanel servers.

Installation steps for Apache 2.2

Download the mod_evasive source file to the server

# cd /usr/local/src

# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

Extract the zip file that we downloaded to the server

# tar -xvzf mod_evasive_1.10.1.tar.gz

# cd mod_evasive

To load dynamic modules to Apache, use apxs

# /usr/local/apache/bin/apxs -cia mod_evasive20.c

This will create an entry in the Apache configuration file for mod_evasive. To retain this entry after Apache rebuild/upgrade we need to run the following command. Otherwise cPanel will take out this entry from Apache configuration file after Apache rebuild/upgrade.

# /usr/local/cpanel/bin/apache_conf_distiller --update

Next is to create mod_evasive configuration file and then need to add the following configuration to it:

[email protected] [~]# cat /usr/local/apache/conf/mod_evasive.conf
LoadModule evasive20_module   modules/mod_evasive20.so

DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10

Now include the file “/usr/local/apache/conf/mod_evasive.conf” in the file /usr/local/apache/conf/includes/pre_main_global.conf

# [email protected] [~]# cat  /usr/local/apache/conf/includes/pre_main_global.conf
Include /usr/local/apache/conf/mod_evasive.conf

Then, rebuild Apache and restart it

# /scripts/rebuildhttpdconf

# /etc/init.d/httpd restart

Installation steps for Apache 2.4

Download the mod_evasive source file to the server

# cd /usr/local/src

# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

Extract the zip file that we downloaded to the server

# tar -xvzf mod_evasive_1.10.1.tar.gz

# cd mod_evasive

Now, if you attempt to build mod_evasive20.c for Apache 2.4, you’ll receive an error. That is if you run /usr/local/apache/bin/apxs -cia mod_evasive20.c you’ll get the following error:

mod_evasive20.c: In function 'access_checker':
mod_evasive20.c:142: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:146: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:158: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:165: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:180: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:187: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:208: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:212: warning: implicit declaration of function 'getpid'
mod_evasive20.c:215: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:221: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:222: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:228: error: 'conn_rec' has no member named 'remote_ip'
apxs:Error: Command failed with rc=65536

Now, you need to follow these steps for Apache 2.4

#cp mod_evasive{20,24}.c
#sed s/remote_ip/client_ip/g -i mod_evasive24.c

Now, build mod_evasive for Apache 2.4

# apxs -i -a -c mod_evasive24.c

This will create an entry in the Apache configuration file for mod_evasive as below.

[email protected] [~]# grep mod_evasive /usr/local/apache/conf/httpd.conf
LoadModule evasive20_module   modules/mod_evasive24.so

To retain this entry after Apache rebuild/upgrade run the following command:

# /usr/local/cpanel/bin/apache_conf_distiller --update

Then, create mod_evasive configuration file and add the following configuration to it:

[email protected] [~]# cat /usr/local/apache/conf/mod_evasive.conf
LoadModule evasive20_module   modules/mod_evasive24.so

DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10

Now include the file “/usr/local/apache/conf/mod_evasive.conf” in the file “/usr/local/apache/conf/includes/pre_main_global.conf”

[email protected] [~]# cat  /usr/local/apache/conf/includes/pre_main_global.conf
Include /usr/local/apache/conf/mod_evasive.conf

Then, rebuild Apache and restart it

# /scripts/rebuildhttpdconf

# /etc/init.d/httpd restart

Done!!

Related

1, The XCache – Simple way to install Xcache from source code
2, Disable Directory listing in Apache on RHEL/CentOS server – An easy way from Whm/cPanel
3, Apache error: No space left on device: mod_rewrite: Parent could not create RewriteLock