Learn how to configure mod_evasive for Apache with this step-by-step guide. Protect your web server from DoS, DDoS, and brute-force attacks by setting up mod_evasive effectively.
mod_evasive is an Apache HTTP Server module designed to provide evasive action against HTTP DoS (Denial of Service), DDoS (Distributed Denial of Service), and brute-force attacks. It helps protect your web server by detecting and responding to excessive requests from a single IP address, which might indicate an attack. Here are some key features and benefits of mod_evasive:
mod_evasive enhances the security of your Apache web server by mitigating the risk of service disruptions caused by malicious traffic, ensuring better availability and performance for legitimate users.
The module works by maintaining an internal dynamic table of IP addresses and URIs as well as denying any single IP address for any of the following conditions:
If any of the above conditions is met, a 403 response is sent and a log entry is generated for the IP address. Optionally, an email notification can be sent to the server owner, or a system command can be run to block the IP address.
In this article, we will show you how to install and configure mod_evasive for Apache HTTP Server to defend against DoS, DDoS and brute-force attacks.
We have configured a Linux machine with the following specification.
Operating System: CentOS 7.0
Web Server: Apache 2.4.6
Check if mod_evasive is already installed.
# httpd -M | grep evasive
Syntax OK
The output shows that mod_evasive is not installed on this machine.
mod_evasive is available in the EPEL (Extra Packages for Enterprise Linux) repository, so we first add the EPEL repository to yum.
# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
--2016-04-12 19:28:58-- http://mirrors.nayatel.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
Connecting to 127.0.0.1:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 14540 (14K) [application/octet-stream]
Saving to: “epel-release-6-8.noarch.rpm”
100%[===================================================================================================================>] 14,540 --.-K/s in 0s
2016-04-12 19:28:58 (221 MB/s) - “epel-release-6-8.noarch.rpm” saved [14540/14540]
# rpm -ivh epel-release-6-8.noarch.rpm
warning: epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
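The NOKEY warning above means rpm could not verify the package signature, because the key that signed it has not been imported.
Install mod_evasive using yum.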
# yum install mod_evasive
Create the log directory for mod_evasive.
# mkdir -p /var/log/mod_evasive
# chown -R apache:apache /var/log/mod_evasive
mod_evasive does not require any additional configuration and works with its default settings. However, it is good practice to customize the following parameters in /etc/httpd/conf.d/mod_evasive.conf according to your server's traffic.
DOSEmailNotify ahmer.malik@gmail.com
DOSPageInterval 1
DOSPageCount 2
DOSSiteInterval 1
DOSSiteCount 50
DOSBlockingPeriod 60
DOSLogDir "/var/log/mod_evasive"
Restart httpd Service to apply changes.
# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Check whether the mod_evasive module is loaded now.
# httpd -M | grep evasive
Syntax OK
evasive20_module (shared)
A Perl script is provided with mod_evasive to generate traffic for testing the configuration.
# /usr/share/doc/mod_evasive-1.10.1/test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
The output shows that mod_evasive is blocking connections. You can adjust the mod_evasive parameters to tune it for your server's traffic.
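To judge how the thresholds above treat real traffic before changing them, the following Python sketch replays request timestamps through a simplified model of per-IP blocking. It is an added example, not code from mod_evasive or from this article; the class and function names, the single shared counter table, the fixed counting windows, the renewal of a block by further requests and the sample traffic are all assumptions.

```python
# Added example: simplified model of threshold blocking, not mod_evasive's source.
# Values from the mod_evasive.conf shown above.
CONF = {"DOSPageInterval": 1, "DOSPageCount": 2, "DOSSiteInterval": 1,
        "DOSSiteCount": 50, "DOSBlockingPeriod": 60}

class EvasiveModel:
    def __init__(self, conf):
        self.conf = conf
        self.counters = {}    # (ip, uri) or (ip, None) -> (window_start, hits)
        self.blocked_at = {}  # ip -> time of the last request that was denied

    def _over(self, key, now, interval, limit):
        start, hits = self.counters.get(key, (now, 0))
        if now - start >= interval:   # window expired: start counting again
            start, hits = now, 0
        self.counters[key] = (start, hits + 1)
        return hits + 1 > limit       # blocked once the threshold is exceeded

    def request(self, ip, uri, now):
        c = self.conf
        last = self.blocked_at.get(ip)
        if last is not None and now - last < c["DOSBlockingPeriod"]:
            self.blocked_at[ip] = now  # assumption: a request during the block renews it
            return 403
        page = self._over((ip, uri), now, c["DOSPageInterval"], c["DOSPageCount"])
        site = self._over((ip, None), now, c["DOSSiteInterval"], c["DOSSiteCount"])
        if page or site:
            self.blocked_at[ip] = now
            return 403
        return 200

def replay(events, conf=CONF):
    """Return the status each (time_s, ip, uri) event would get, in order."""
    model = EvasiveModel(conf)
    return [model.request(ip, uri, t) for t, ip, uri in events]

# Constructed sample traffic (documentation IP ranges, not real clients).
BURST = [(0.0, "192.0.2.10", "/"), (0.1, "192.0.2.10", "/"),
         (0.2, "192.0.2.10", "/"), (30.0, "192.0.2.10", "/"),
         (70.0, "192.0.2.10", "/"), (135.0, "192.0.2.10", "/")]
RELOADS = [(10.0, "198.51.100.7", "/login"), (10.3, "198.51.100.7", "/login"),
           (10.6, "198.51.100.7", "/login")]

if __name__ == "__main__":
    print("burst  :", replay(BURST))
    print("reloads:", replay(RELOADS))
    print("reloads, DOSPageCount 10:", replay(RELOADS, {**CONF, "DOSPageCount": 10}))
```

In this model the burst client is still blocked at 70 seconds because its request at 30 seconds renewed the block, and three quick reloads of /login are enough to block an ordinary visitor at DOSPageCount 2. The test.pl run above let 24 requests through before the first 403, so the model is stricter than the live server and is best used to compare candidate settings.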
mod_evasive has been configured and it is defending against DoS, DDoS and Brute Force attacks.
Configuring mod_evasive for Apache is a vital step to protect your web server from DoS, DDoS, and brute-force attacks. By following this guide, you can set up mod_evasive effectively to enhance your server’s security and ensure reliable performance.
Great..