mod_evasive and mod_security modules are used to secure Apache Web Server from DDoS and brute force attacks by implementing web application firewall. For mod_security installation procedure, please use mod_security howto article.
*Note: mod_evasive module has been known to cause problems with frontpage server extensions. If you use frontpage server extension, you should thoroughly test your mod_evasive installation before deploying a production server.
1a. Apache 1.3.x
# Download latest stable version of mod_evasive from zdziarski.com website
# See wget command below: the current version number is mod_evasive_1.10.1.tar.gz.
- Code: Select all
bash# cd /usr/src
bash# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
bash# tar xfz mod_evasive_1.10.1.tar.gz
bash# cd mod_evasive
# Find the location of Apache Extension Tool (apxs) binary and perform the following.
- Code: Select all
bash# type apxs
# OR
- Code: Select all
bash# find / -type f -name apxs -print
bash# $APACHE_ROOT/bin/apxs -cia mod_evasive.c
1b. Apache 2.0.x
- Code: Select all
bash# up2date -i httpd-devel
bash# cd /usr/src
- Code: Select all
# Download latest stable version of mod_evasive from zdziarski.com website
# See wget command below: the current version number is mod_evasive_1.10.1.tar.gz.
bash# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
bash# tar xfz mod_evasive_1.10.1.tar.gz
bash# cd mod_evasive
bash# $APACHE_ROOT/bin/apxs -cia mod_evasive20.c
2a. Configure mod_evasive for Apache 1.3.x. Find a location of httpd.conf, and edit with the following contents. Please follow mod_evasive documentation for configuration options. For this exercise, we'll block the offending IP for 5 minutes before granting access again.
- Code: Select all
<IfModule mod_evasive.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 300
</IfModule>
2b. Configure mod_evasive for Apache 2.0.x. Find a location of httpd.conf, and edit with the following contents. Please follow mod_evasive documentation for configuration options. For this exercise, we'll block the offending IP for 5 minutes before granting access again.
- Code: Select all
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 300
</IfModule>
If you wish to enable mod_evasive mailing feature, you may enable it by adding "DOSEmailNotify" option in the IfModule section of the httpd.conf. Please consult documentation for details.
3. Restart apache server
- Code: Select all
bash# service httpd restart
