Linux SysAdmin & DevOps

mod_evasive + Apache web server - CentOS config

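mod_evasive adds an extra protection layer to the Apache web server: it counts requests per client IP and temporarily blocks clients that exceed the configured thresholds.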

How to do it? Simple, just follow the steps below:

Open an SSH shell on your server and run:

wget -c http://club3d.ro/mod_evasive_1.10.1.tar.gz
tar zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/usr/sbin/apxs -i -a -c mod_evasive20.c

Your module has been compiled and installed, and your httpd.conf file was modified: the -a flag makes apxs add the LoadModule line for you.

You can create a configuration file for mod_evasive in /etc/httpd/conf.d/mod_evasive.conf:

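#Load mod_evasive module
LoadModule evasive20_module modules/mod_evasive20.so

#mod_evasive configuration
DOSHashTableSize 3097
#Block a client that requests the same page more than 5 times in 1 second
DOSPageCount 5
DOSPageInterval 1
#Block a client that makes more than 75 requests to the site in 1 second
DOSSiteCount 75
DOSSiteInterval 1
#Seconds a client stays blocked (requests are answered with 403)
DOSBlockingPeriod 300
#Notification address (placeholder, use your own)
DOSEmailNotify admin@example.com
#Command run when a client is blocked; %s is replaced with the client IP
DOSSystemCommand "sudo /usr/bin/perl /etc/csf/csf.pl -td %s 300 -p 80,443 -d in mod_evasive"
DOSLogDir "/var/log/httpd/mod_evasive"
DOSWhitelist 127.0.0.1
DOSWhitelist 192.168.1.*
DOSWhitelist whitelisted_IP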

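I am using CSF Firewall to automatically block the abusers: the DOSSystemCommand above calls csf to add a temporary deny for the offending IP (%s) for 300 seconds on inbound ports 80 and 443.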

Your /var/log/httpd/mod_evasive directory should be writeable by your web server user/group. Depending on your OS version and configuration it can be: apache, nobody, www-data.

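You also have to add the following lines to your /etc/sudoers file, so that the web server user can run the DOSSystemCommand through sudo without a terminal or a password (replace nobody with the user your web server runs as):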

Defaults !requiretty
nobody ALL=NOPASSWD: ALL
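
The sudoers rule above lets the web server account run any command as root, while DOSSystemCommand only ever needs the one csf call. A narrower setup, as an added example that is not from the original post: a root-owned wrapper that accepts a single IPv4 address, plus a sudoers entry for that wrapper only (the path /usr/local/sbin/evasive-block, the function names and the apache user are assumptions).

```sh
#!/bin/sh
# Added example, not from the original post. Hypothetical install path:
#   /usr/local/sbin/evasive-block  (owner root, mode 0755, not writable by the web user)
#
# sudoers entry (assumes Apache runs as "apache"; a command listed without
# arguments accepts any arguments, so they are validated below):
#   Defaults:apache !requiretty
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/evasive-block
#
# mod_evasive side:
#   DOSSystemCommand "sudo /usr/local/sbin/evasive-block %s"

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Prints the fixed csf argument list from the post; the IP is the only variable part.
csf_args() {
    is_ipv4 "$1" || return 1
    echo "-td $1 300 -p 80,443 -d in mod_evasive"
}

# Entry point: runs only when called with an argument, as mod_evasive does.
if [ "$#" -gt 0 ]; then
    args=$(csf_args "$1") || { echo "evasive-block: not an IPv4 address" >&2; exit 64; }
    exec /usr/bin/perl /etc/csf/csf.pl $args
fi
```

With the wrapper in place, the web server account can only add the 300-second deny on ports 80/443 for one address, and the NOPASSWD: ALL line is not needed.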

Don’t forget to restart your Apache web server!

/etc/init.d/httpd restart

or

systemctl restart httpd

To check if the module works, open your web page and refresh it a few times in quick succession. The mod_evasive protection should be triggered and your IP address will be blocked by the CSF Firewall.

BE CAREFUL: If you’re testing this using a remote server and get blocked by mod_evasive, your connection to the server, on TCP ports 80/443, is blocked for the next 5 minutes!