mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.
root@server [~/downloads] # wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
Of course, we now need to extract them:
root@server [~/downloads] # tar zxvf mod_evasive_1.10.1.tar.gz
Now, change into the directory that was just created:
root@server [~/downloads] #cd mod_evasive
Now, you can view the README file for information on how to install this on a couple of different types of servers, however, we are going to focus on installing mod_evasive on an Apache2x server. We also have cPanel running on this box, so, to install, we run the following:
root@server [~/downloads] #/usr/local/apache/bin/apxs -i -a -c mod_evasive20.c
Now, that will create an entry in the httpd.conf file, and, if we want to retain that after an upgrade/rebuild, we need to tell cPanel not to take it out! Do do this, we now run this:
root@server [~/downloads] # /usr/local/cpanel/bin/apache_conf_distiller –update
Now, to change the settings for mod_evasive, we need to add them in some place. All we have done so far, is install the actually module into apache, and, even with a restart, it would not be using it. So, I like to add things into my includes files through either WHM, or, directly through the terminal. To do this, we run the following:
root@server [~/downloads] # vim /usr/local/apache/conf/includes/post_virtualhost_2.conf
Once the file is open, lets add in the following lines to the bottom of the file:
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 3600
DOSEmailNotify root
Once done, save the file, this varies depending on your editor of choice, in VI and VIM, its :wq enter.
Leave a comment