If you are hosting a website or a web application you probably experienced a DoS or a Brute-Force attack before, Mod_Evasive is a module that provides provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attacks. It is also designed to be a detection tool and can be easily configured to talk to, firewalls, routers, or even email you in the specific circumstances.
In this tutorial, we are going to enable mod_evasive module on Apache and we are going to do that by using Apache Extension Tool.
NOTE: If your Apache has been compiled from the source, you have to make sure if the “mod_so” module has been compiled into it as well. otherwise, you are not able to add any third party modules to your Apache. you can check your enabled modules with the following command:
apachectl -M | grep mod_so
As we are going to build mod_evasive from the source we are going to need the following packages installed:
yum install httpd-devel
yum groupinstall 'Development tools'
Download and Compile Mod_Evasive
Switch to your “opt” directory to fetch the mod_evasive source from Github:
Execute the following command to download the source:
Unzip the source with the following command:
Now move to the downloaded directory:
In this section, we are going to use the “apxs” tool which is a very useful tool used for adding Dynamic Shared Objects to an already running Apache. so execute the following command to add the mod_evasive module:
apxs -i -c -a mod_evasive24.c
If you have done everything right, you will not see any errors.
Restart your Apache service to take effect:
systemctl restart httpd
You can verify that mod_evasive module is up and running with the following command:
apachectl -M | grep evasive
You have to see an output like below:
You can add your configuration to the “httpd.conf” file:
You have to place the configuration like the following example:
<IfModule mod_evasive24.c> DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 60 DOSEmailNotify <YOU@YOURMAIL.COM> </IfModule>
For getting started with Mod_Evasive configuration and parameters you can read the README file placed in the source directory:
You can visit Mod_Evasive official Github page to get more information and news!