mod_evasive is a module for Apache that automatically takes action when an HTTP DoS attack or brute force attack is detected. It is used to make logs and alert for issues.
This module creates a list of URLs and IP addresses and the users who fall in the condition set in the configuration, these users will receive a 403 error. In this guide, you will learn how you can enable this feature for CentOS, Ubuntu, Debian.
- Apache server
- Text editor
yum install httpd-devel
Used for CentOS
apt-get install apache2-utils
This command is used for Ubuntu & Debian
Download the mod_evasive module using the wget command in your terminal
cd /usr/src wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
Extract the downloaded module
Now, go inside the extracted foler.
This command will not run if httpd-devel is not installed properly.
yum install epel-release
After the installation of the epel repository, install mod_evasive using
yum install mod_evasive
You can now verify if the module has been added to the Apache functionality or not.
The configuration file is located at a different location for a different operating system.
In Ubuntu, add the following line at the end of the config file
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so
For CentOS, Search for Include and look for
Add the above lines for each Operating system if they are not available in the config file.
<IfModulemod_evasive20.c> DOSHashTableSize 4012 DOSPageCount 3 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 70 DOSEmailNotify <firstname.lastname@example.org> </IfModule>
This config will send an alert to the mentioned email address if the DOS attack meets the above set configuration.
service httpd restart
Also, make sure the module is loaded into Apache in the next reboot by using the following command.
httpd -M | grep evasive
That’s it. You have now successfully installed the mod_evasive module in Apache and your app is safer now.