Monday, February 11, 2013

Mod_Evasive – mod_evasive is an evasive maneuvers module for Apache

Mod_Evasive – mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS attack or brute force attack. It is also designed to be a detection and network management tool and can be easily configured to talk to ipchains, firewalls, routers, and more.


Download the latest source file from http://www.zdziarski.com
cd /usr/local/src/
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -xvzf mod_evasive_1.10.1.tar.gz
cd mod_evasive/

We also have cPanel running on this box, so, to install, we run the following:

/usr/local/apache/bin/apxs -i -a -c mod_evasive20.c

Now, that will create an entry in the httpd.conf file, and, if we want to retain that after an upgrade/rebuild, we need to tell cPanel not to take it out! Do do this, we now run this:

/usr/local/cpanel/bin/apache_conf_distiller –update

Now, to change the settings for mod_evasive, we need to add them in some place. All we have done so far, is install the actually module into apache, and, even with a restart, it would not be using it. So, I like to add things into my includes files through either WHM, or, directly through the terminal. To do this, we run the following:

vim /usr/local/apache/conf/includes/post_virtualhost_2.conf

Once the file is open, lets add in the following lines to the bottom of the file:


DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 3600
DOSEmailNotify root

No comments:

Post a Comment