Mod_evasive is a module for Apache that provides evasive action in the event of an HTTP Distributed Denial of Service (DDoS/DoS) attack or brute force attack. It is also designed to be a detection and network management tool and can be easily configured to talk to ipchains, firewalls, routers, and more. mod_evasive presently reports abuse via email and syslog facilities.

NOTE:
 If your Apache has been compiled from the source, you have to make sure if the “mod_so” module has been compiled into it as well. otherwise, you are not able to add any third party modules to your Apache. you can check your enabled modules with the following command:

apachectl -M | grep mod_so

Install Dependencies

As we are going to build mod_evasive from the source we are going to need the following packages installed:

yum install httpd-devel
yum groupinstall 'Development tools'

Download and Compile Mod_Evasive

Switch to your “opt” directory to fetch the mod_evasive source from Github:

cd /opt/

Execute the following command to download the source:

wget https://codeload.github.com/shivaas/mod_evasive/zip/master

Unzip the source with the following command:

unzip master

Now move to the downloaded directory:

cd mod_evasive-master

In this section, we are going to use the "apxs" tool which is a very useful tool used for adding Dynamic Shared Objects to an already running Apache. so execute the following command to add the mod_evasive module:

apxs -i -c -a mod_evasive24.c

If you have done everything right, you will not see any errors.

Restart your Apache service to take effect:

systemctl restart httpd

You can verify that mod_evasive module is up and running with the following command:

apachectl -M | grep evasive

You have to see an output like below:

evasive24_module (shared)

Configuring Mod_Evasive

You can add your configuration to the "httpd.conf" file:

nano /etc/httpd/conf/httpd.conf

You have to place the configuration like the following example:

<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify <YOU@YOURMAIL.COM>
</IfModule>

For getting started with Mod_Evasive configuration and parameters you can read the README file placed in the source directory:

cat /opt/mod_evasive/README.md
Was this answer helpful? 0 Users Found This Useful (0 Votes)