Mod_evasive is a module for Apache that provides evasive action in the event of an HTTP Distributed Denial of Service (DDoS/DoS) attack or brute force attack. It is also designed to be a detection and network management tool and can be easily configured to talk to ipchains, firewalls, routers, and more. mod_evasive presently reports abuse via email and syslog facilities.
NOTE:
If your Apache has been compiled from the source, you have to make sure if the “mod_so” module has been compiled into it as well. otherwise, you are not able to add any third party modules to your Apache. you can check your enabled modules with the following command:
apachectl -M | grep mod_so
Install Dependencies
As we are going to build mod_evasive from the source we are going to need the following packages installed:
yum install httpd-devel
yum groupinstall 'Development tools'
Download and Compile Mod_Evasive
Switch to your “opt” directory to fetch the mod_evasive source from Github:
cd /opt/
Execute the following command to download the source:
wget https://codeload.github.com/shivaas/mod_evasive/zip/master
Unzip the source with the following command:
unzip master
Now move to the downloaded directory:
cd mod_evasive-master
In this section, we are going to use the "apxs" tool which is a very useful tool used for adding Dynamic Shared Objects to an already running Apache. so execute the following command to add the mod_evasive module:
apxs -i -c -a mod_evasive24.c
If you have done everything right, you will not see any errors.
Restart your Apache service to take effect:
systemctl restart httpd
You can verify that mod_evasive module is up and running with the following command:
apachectl -M | grep evasive
You have to see an output like below:
evasive24_module (shared)
Configuring Mod_Evasive
You can add your configuration to the "httpd.conf" file:
nano /etc/httpd/conf/httpd.conf
You have to place the configuration like the following example:
<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify <YOU@YOURMAIL.COM>
</IfModule>
For getting started with Mod_Evasive configuration and parameters you can read the README file placed in the source directory:
cat /opt/mod_evasive/README.md