How To Enable mod_evasive To Log & Report DOS Attack And BruteForce Attack On Apache

How To Enable mod_evasive To Log & Report DOS Attack And BruteForce Attack On Apache

mod_evasive is a module for Apache that automatically takes action when an HTTP DoS attack or brute force attack is detected. It is used to make logs and alert for issues.

This module creates a list of URLs and IP addresses and the users who fall in the condition set in the configuration, these users will receive a 403 error. In this guide, you will learn how you can enable this feature for CentOS, Ubuntu, Debian.

Prerequisites

  • Apache server
  • Text editor

Step 1:

To install the mod_evasive module you will need the httpd-devel package.

It contains the file needed to build Dynamic Shared Objects for Apache. Run the following command to install httpd-devel package.

yum install httpd-devel

Used for CentOS

apt-get install apache2-utils

This command is used for Ubuntu & Debian

Step 2:

Download the mod_evasive module using the wget command in your terminal

cd /usr/src
wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

Extract the downloaded module

tarxzfmod_evasive*.tar.gz

Now, go inside the extracted foler.

cd mod_evasive

Step 3:

Now you need to install a tool called apxs2.

It is used along with Apache for building and installing added functionality.

apxs2-ciamod_evasive20.c

This command will not run if httpd-devel is not installed properly.

Step 4:

Download and install the epel repository to move ahead.
yum install epel-release

After the installation of the epel repository, install mod_evasive using

yum install mod_evasive

Step 5:

You can now verify if the module has been added to the Apache functionality or not.

Open your configuration file to check if the module has been added or not.

The configuration file is located at a different location for a different operating system.

For Ubuntu/Debian,

/etc/apache2/apache2.conf

For CentOS,

/etc/httpd/conf/httpd.conf

In Ubuntu, add the following line at the end of the config file

LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so

For CentOS, Search for Include and look for

Include mods-enabled/*.conf

Add the above lines for each Operating system if they are not available in the config file.

Step 6:

To set the rule for DOS count and DOS interval and other settings, add the following code to the same config file from Step 5.
<IfModulemod_evasive20.c>
    DOSHashTableSize 4012
    DOSPageCount 3
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 70
    DOSEmailNotify <test@example.com>
</IfModule>

This config will send an alert to the mentioned email address if the DOS attack meets the above set configuration.

Step 7:

Once the configuration has been set, you can now restart the Apache web server for the changes to be reflected.
service httpd restart

Also, make sure the module is loaded into Apache in the next reboot by using the following command.

httpd -M | grep evasive

Conclusion:

That’s it. You have now successfully installed the mod_evasive module in Apache and your app is safer now.

Check out these top 3 Linux hosting services

Webdock
£0.80 /mo
Starting price
Visit Webdock
Rating based on expert review
  • User Friendly
    3.8
  • Support
    4.5
  • Features
    4.5
  • Reliability
    4.3
  • Pricing
    4.3
Kamatera
£3.07 /mo
Starting price
Visit Kamatera
Rating based on expert review
  • User Friendly
    3.5
  • Support
    3.0
  • Features
    3.9
  • Reliability
    4.0
  • Pricing
    4.3
Ultahost
£1.92 /mo
Starting price
Visit Ultahost
Rating based on expert review
  • User Friendly
    4.3
  • Support
    4.8
  • Features
    4.5
  • Reliability
    4.0
  • Pricing
    4.8

How to Enable Apache Mod_Rewrite on an Ubuntu 18.04 VPS or Dedicated Server

In this tutorial, we will cover the basics of enabling mod_rewrite on an Ubuntu
less than a minute
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO

How to Harden the Apache web server on a CentOS 7 VPS or Dedicated Server

In this how-to article, we illustrate how to harden an Apache web server, runnin
less than a minute
Eliran Ouzan
Eliran Ouzan
Web Designer & Hosting Expert

How to Harden Your Apache Web Server on an Ubuntu 18.04 Dedicated Server or VPS

Apache as one of the most popular web servers is susceptible to hacking attacks.
less than a minute
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO

How to Disable Directory Browsing On Apache Running on an Ubuntu 18.04 Virtual Server or Dedicated Server

In this article, you'll learn how to disable the default apache behavior for dis
less than a minute
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top