How to Secure Apache Web Server with ModEvasive on Ubuntu 18.04 VPS

ModEvasive is a brilliant module that works on a web server to counter Distributed Denial of Service (DDoS) and Brute-force attacks.

DDoS attacks overwhelm a web server with a lot of traffic from different sources making a website and web applications inaccessible over a period that the invasion lasts.

A brute force attack is an automated method of accessing a resource on the web by using trial and error method. This kind of attack uses consecutive guesses in login forms to gain access to a system and gain classified information.

With ModEvasive installed and enabled on your system, you can stay away from these kinds of attacks. In this guide, we will show you how to install Apache ModEvasive module on your Ubuntu 18.04 VPS.

Prerequisite

  • A web server
  • A non-root user that can perform sudo tasks
  • Apache web server.

Step 1: Update Ubuntu Package Index

You should update the package information list before your install any software on your Ubuntu 18.04 server. Run the command below:

$ sudo apt-get update

Step 2: Install ModEvasive

We can now obtain and install ModEvasive from Ubuntu’s software repository using the command below:

$ sudo apt-get install libapache2-mod-evasive

You can always check if ModEvasive is running  and enabled by running the command below:

$ sudo apachectl -M | grep evasive

You should get the below response from your system

$ evasive20_module (shared)

Step 3: Configuring ModEvasive

Like most Ubuntu packages, ModEvasive has a configuration file that you can configure depending on your needs. The file is located at /etc/apache2/mods-enabled/evasive.conf.

To make changes to the file, open it with a nano editor:

$ sudo nano /etc/apache2/mods-enabled/evasive.conf

Comment the entries on the file by removing the pound symbol at the beginning of each line. Then replace DOSEmailNotify with your personal email address (e.g. info@example.com).

The file should be similar to the below text when edited:

<IfModule mod_evasive20.c> 
     DOSHashTableSize 3097 
     DOSPageCount 2 
     DOSSiteCount 50 
     DOSPageInterval 1 
     DOSSiteInterval 1 
     DOSBlockingPeriod 10 
     DOSEmailNotify info@example.com 
     DOSSystemCommand "su - someuser -c '/sbin/... %s ...'" 
     DOSLogDir "/var/log/mod_evasive" 
 </IfModule>

Then, save the file by pressing CTRL + X, Y and Enter.

Step 4: Creating Log Directory for ModEvasive

On the above configuration file, we specified DOSLogDir as /var/log/mod_evasive this directory is not created by default when ModEvasive is installed. So we need to create it and set the appropriate file permissions.

$ sudo mkdir /var/log/mod_evasive 
$ sudo chown -R www-data:www-data /var/log/mod_evasive

Step 5: Restart Apache

You can now restart Apache for the changes to take effect

$ sudo systemctl restart apache2

Step 6: Testing ModEvasive

Once the ModEvasive configuration is in place, we can do some testing to make sure the module is working. There is a built in script that you can use to test ModEvasive on your server. Just run the command below:

$ sudo perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl

If you setup everything correctly, you should get the below output on the terminal screen:

...
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
...

Conclusion

That’s all, your Apache web server is now configured to fight DDoS and Brute force attacks. If you have setup an email server on your server, you should get an email every time ModEvasive blocks an attempted attack on your server.

 

Check out these top 3 Linux hosting services

Was this article helpful?