Using the Apache Module mod_evasive

Leave your reply

The Apache module mod_evasive is designed to help protect the Apache web server against DoS and DDoS attacks. This module works by maintaining a dynamic list of IP addresses and blocking access from any IP address which exhibits suspicious behavior such as issuing too many requests per second.

Requirements

  • A Cloud Server with Linux (Ubuntu 16.04 or CentOS 7)
  • Apache web server installed and running.

Note: Apache is installed and running on a Standard Linux installation by default. If your server was created with a Minimal installation, you will need to install and configure Apache before you proceed.

Install mod_evasive on CentOS 7

First, add the EPEL repository:

sudo yum install epel-release

Then install mod_evasive:

sudo yum install mod_evasive 

After the installation is complete, you can verify that the module was installed with the command:

sudo httpd -M | grep evasive

The server will respond with:

evasive20_module (shared)

Install mod_evasive on Ubuntu 16.04

Install mod_evasive:

sudo apt-get install libapache2-mod-evasive

After the installation is complete, you can verify that the module was installed with the command:

sudo apachectl -M | grep evasive

The server will respond with:

evasive20_module (shared)

Enable mod_evasive Features

You can configure mod_evasive by editing its configuration file:

  • CentOS 7:sudo nano /etc/httpd/conf.d/mod_evasive.conf
  • Ubuntu 16.04:sudo nano /etc/apache2/mods-enabled/evasive.conf

On Ubuntu 16.04, all of the mod_evasive features are commented out (disabled) with a # at the beginning of each line. On CentOS 7 systems, only some of the options are disabled by default.

To enable a feature, remove the # at the beginning of its line and save the file. Then restart Apache for the changes to take effect:

  • CentOS 7:sudo systemctl restart httpd
  • Ubuntu 16.04:sudo systemctl restart apache2

For example, if you wish to have alerts emailed to jdoe@example.com edit the following line:

#DOSEmailNotify      you@yourdomain.com

Remove the # to un-comment the line, and replace the email address with your own:

DOSEmailNotify      jdoe@example.com

Then save the file and restart Apache.

In addition to enabling the mod_evasive features, you may want to customize their values:

DOSHashTableSize This controls the size of the hash table mod_evasive uses to look up IP address behavior.

Test mod_evasive

The mod_evasive module installation includes a test script you can use to verify that mod_evasive is working. Run this script with the command:

  • CentOS 7:sudo perl /usr/share/doc/mod_evasive-1.10.1/test.pl
  • Ubuntu 16.04:sudo perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl

If mod_evasive is working, the server will respond with:

HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request