How to Install mod_evasive Apache Module

The mod_evasive Apache module is used to protect web servers against DDoS attacks and other brute-force attacks. It helps to prevent excessive requests from a single IP address or user agent.

Let’s say you have a web application running on your Apache web server, and a hacker decides to launch a DDoS attack against your server. The attacker uses a botnet of thousands of computers to send a flood of requests to your web application, overwhelming your server and causing it to crash.

With mod_evasive installed and configured, your web server can detect the flood of requests and block the offending IP addresses. The DOSPageCount and DOSSiteCount parameters set in the configuration file determine the maximum number of requests allowed from a single IP address or user agent within a certain time interval. If the number of requests exceeds this limit, mod_evasive will block the IP address or user agent for a period of time specified by the DOSBlockingPeriod parameter.

For example, suppose you have set DOSPageCount to 10 and DOSSiteCount to 100, with DOSPageInterval and DOSSiteInterval both set to 1. This means that no more than 10 requests for the same page, and no more than 100 requests to the site as a whole, can be made within a 1-second interval. If an IP address or user agent exceeds either limit, mod_evasive will block it for 10 seconds (as specified by the DOSBlockingPeriod parameter).

In this way, mod_evasive can effectively prevent DDoS attacks and other brute-force attacks by limiting the number of requests from a single IP address or user agent within a certain time interval.

In this short tutorial, I will teach you the steps to install mod_evasive on an Apache web server.

Step 1: Install the Apache Development Libraries

To install mod_evasive, you need to first install the Apache development libraries. You can do this by using the following command:

sudo yum install httpd-devel

This will install the required development libraries for Apache.

Step 2: Download mod_evasive

The next step is to download mod_evasive from the official website. You can download the latest version of mod_evasive by using the following command:

wget https://github.com/apache/httpd/archive/refs/tags/2.4.51.tar.gz

This will download the latest version of mod_evasive as a compressed file.

Step 3: Extract mod_evasive

Once the mod_evasive file is downloaded, you can extract it using the following command:

tar -xzvf 2.4.51.tar.gz

This will extract the mod_evasive files to a new directory called “httpd-2.4.51”.

Step 4: Build and Install mod_evasive

To build and install mod_evasive, you need to navigate to the “mod_evasive” directory inside the extracted “httpd-2.4.51” directory. You can do this by using the following command:

cd httpd-2.4.51/modules/filters

Once you are inside the “filters” directory, you can build and install mod_evasive using the following command:

sudo apxs -i -c -I /usr/include/libxml2/ mod_evasive20.c

This will build and install mod_evasive on your Apache web server.

Step 5: Configure mod_evasive

After installing mod_evasive, you need to configure it by editing the Apache configuration file. You can open the Apache configuration file using the following command:

sudo vi /etc/httpd/conf/httpd.conf

Inside the configuration file, you need to add the following lines at the end of the file:

LoadModule evasive20_module modules/mod_evasive20.so
DOSHashTableSize 3097
DOSPageCount 10
DOSSiteCount 100
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir "/var/log/httpd/mod_evasive"

These lines will load the mod_evasive module and set the necessary parameters to protect your web server against DDoS attacks.
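
To see how these thresholds interact, the following added example (not part of the original tutorial and not mod_evasive's own code) parses the DOS* directives above and replays a request timeline from one client IP through a simplified fixed-window model. It also models the behaviour described in the module's README that a request made during a block restarts the blocking timer; the function names and the sample timeline are constructed for illustration.

```python
import shlex

# Directives copied from the Step 5 configuration on this page.
CONFIG = '''
DOSHashTableSize 3097
DOSPageCount 10
DOSSiteCount 100
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir "/var/log/httpd/mod_evasive"
'''

def parse_directives(text):
    """Return {name: value} for each DOS* directive; numeric values become int."""
    conf = {}
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)
        if len(parts) == 2 and parts[0].startswith("DOS"):
            conf[parts[0]] = int(parts[1]) if parts[1].isdigit() else parts[1]
    return conf

def simulate(requests, conf):
    """requests: time-ordered (seconds, uri) pairs from ONE client IP.
    Returns the status each request gets in this simplified model."""
    blocked_at = None   # time of the latest request made while blocked
    windows = {}        # key -> [window_start, hits]; key is a URI or "*site*"
    statuses = []
    for t, uri in requests:
        if blocked_at is not None and t - blocked_at < conf["DOSBlockingPeriod"]:
            blocked_at = t          # requests during a block restart the timer
            statuses.append(403)
            continue
        blocked_at, over = None, False
        for key, limit, interval in (
                (uri, conf["DOSPageCount"], conf["DOSPageInterval"]),
                ("*site*", conf["DOSSiteCount"], conf["DOSSiteInterval"])):
            w = windows.setdefault(key, [t, 0])
            if t - w[0] >= interval:    # interval elapsed: start a new window
                w[0], w[1] = t, 0
            w[1] += 1
            over = over or w[1] > limit
        if over:
            blocked_at = t
        statuses.append(403 if over else 200)
    return statuses

if __name__ == "__main__":
    burst = [(i * 0.05, "/login") for i in range(12)] + [(9, "/login"), (15, "/login"), (26, "/login")]
    print(simulate(burst, parse_directives(CONFIG)))
```

In the constructed timeline the client is still refused at second 15, even though the first block began at 0.5 seconds, because its retry at second 9 restarted the 10-second timer.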

Step 6: Restart Apache

After configuring mod_evasive, you need to restart Apache to apply the changes. You can do this by using the following command:

sudo service httpd restart

This will restart Apache with the mod_evasive module enabled.

Commands Mentioned:

  • sudo – a command that allows users to run programs with the security privileges of another user, typically the superuser.
  • yum – a package manager for CentOS.
  • wget – a command-line utility for downloading files from the web.
  • tar – a command-line utility for manipulating tar archives.
  • apxs – a tool for building and installing Apache modules.
  • vi – a text editor for Unix-like operating systems.
  • service – a command-line utility for managing system services.

Conclusion:

The mod_evasive module is a useful tool for protecting Apache web servers against DDoS attacks and other brute-force attacks. By limiting the number of requests from a single IP address or user agent within a certain time interval, mod_evasive can prevent the web server from being overwhelmed and crashing.

With the steps outlined in this guide, you can easily install and configure mod_evasive on your Apache web server running on CentOS. By doing so, you can enhance the security of your web application and ensure its availability for legitimate users.

Check out my “8 Easy Steps to Safeguard an Apache Web Server and Prevent DDoS Attacks” for more detailed information on securing your web server and protecting it from DDoS attacks. The tutorial covers important topics such as setting up a firewall, configuring mod_security, and using fail2ban to prevent brute-force attacks. It also includes tips for monitoring your server and keeping it up to date with the latest security patches. Whether you are a beginner or an experienced web server administrator, this guide is a valuable resource for anyone looking to improve the security of an Apache web server.

If you have any questions or suggestions, feel free to comment below.
