What is mod_evasive?

mod_evasive is an evasive maneuvers module for Apache that provides evasive action in the event of an HTTP DoS, DDoS, or brute-force attack. It is also designed to be a detection and network management tool, and can easily be configured to talk to ipchains, firewalls, routers, and so on. mod_evasive presently reports abuse via email and syslog facilities.

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

  • Requesting the same page more than a few times per second
  • Making more than 50 concurrent requests on the same child per second
  • Making any requests while temporarily blacklisted (on a blocking list)
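
A simplified, single-child model of these three rules, added here as an illustration (it is not mod_evasive's source code, and the module's exact counting at interval boundaries may differ). The defaults mirror the values used in the configuration on this page; the function names and the request lines are constructed for the example.

```sh
# Added example: simplified single-child model of the three rules above.
# Input lines are "<epoch-second> <ip> <uri>"; each is echoed with 200 or 403.
# Arguments (defaults taken from the configuration on this page):
#   page_count page_interval site_count site_interval blocking_period
simulate() {
    awk -v page_count="${1:-2}" -v page_int="${2:-1}" \
        -v site_count="${3:-50}" -v site_int="${4:-1}" -v block="${5:-10}" '
    # Count one hit for key k; return 1 once the limit for the interval is exceeded.
    function hit(k, t, limit, interval) {
        if (!(k in start) || t - start[k] >= interval) { start[k] = t; n[k] = 0 }
        n[k]++
        return n[k] > limit
    }
    {
        t = $1; ip = $2; uri = $3
        # Rule 3: any request while blocked is denied and restarts the period.
        if ((ip in banned) && t - banned[ip] < block) {
            banned[ip] = t; print $0, 403; next
        }
        over_page = hit(ip "_" uri, t, page_count, page_int)   # rule 1: same page
        over_site = hit(ip "_SITE", t, site_count, site_int)   # rule 2: whole site
        if (over_page || over_site) { banned[ip] = t; print $0, 403 }
        else print $0, 200
    }'
}

# Constructed request stream (documentation address ranges, not real traffic).
sample_requests() {
    cat <<'EOF'
100 198.51.100.7 /login
100 198.51.100.7 /login
100 198.51.100.7 /login
101 203.0.113.9 /login
105 198.51.100.7 /index
114 198.51.100.7 /index
125 198.51.100.7 /index
EOF
}

sample_requests | simulate
```

The request at second 114 is still denied because the denied request at second 105 restarted the 10-second blocking period; the client is only served again at second 125.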

Installation

apt-get install libapache2-mod-evasive
mkdir /var/log/apache2/mod_evasive
chown www-data:www-data /var/log/apache2/mod_evasive

Configuration

Create a new file

vi /etc/apache2/conf.d/01_modevasive.conf

with this content

<IfModule mod_evasive20.c>
 DOSHashTableSize 3097
 DOSPageCount 2
 DOSSiteCount 50
 DOSPageInterval 1
 DOSSiteInterval 1
 DOSBlockingPeriod 10
 DOSLogDir /var/log/apache2/mod_evasive
 DOSEmailNotify root@localhost
 DOSWhitelist 127.0.0.1
</IfModule>

Restart Apache to activate the new module

/etc/init.d/apache2 restart

Documentation

  • DOSHashTableSize: Size of the hash table used to store the IPs.
  • DOSPageCount: Number of pages allowed per DOSPageInterval.
  • DOSPageInterval: Time in seconds used by DOSPageCount.
  • DOSSiteCount: Number of objects allowed per DOSSiteInterval.
  • DOSSiteInterval: Time in seconds used by DOSSiteCount.
  • DOSBlockingPeriod: Time in seconds that IPs will be banned. If an IP tries to access the server within this period, the count will be restarted.
  • DOSLogDir: Optional. Directory to store the logs. If not specified, /tmp will be used.
  • DOSEmailNotify: Optional. Mail where notifications will be sent.

  • DOSSystemCommand: Optional. Command to execute if an IP is blocked. For example, using iptables:

DOSSystemCommand "/sbin/iptables -I INPUT -p tcp --dport 80 -s %s -j DROP"
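
Apache runs this command as the web server user (www-data in this setup), which cannot modify iptables rules on its own, and mod_evasive does not remove the rule again when DOSBlockingPeriod ends. One way to handle the first point is a small root-owned wrapper called through sudo; the script below is an added example, not part of mod_evasive. Its install path, the sudoers entry, and the DRY_RUN and WHITELIST variables are assumptions.

```sh
#!/bin/sh
# Added example, not part of mod_evasive. Assumed install path and wiring:
#   DOSSystemCommand "/usr/bin/sudo /usr/local/sbin/evasive-block.sh %s"
#   sudoers: www-data ALL=(root) NOPASSWD: /usr/local/sbin/evasive-block.sh
IPTABLES=${IPTABLES:-/sbin/iptables}
WHITELIST=${WHITELIST:-127.0.0.1}   # keep in sync with DOSWhitelist
DRY_RUN=${DRY_RUN:-0}               # assumption: 1 prints the command only

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Insert the DROP rule from the page for one validated, non-whitelisted IP.
block_ip() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "evasive-block: refusing invalid address" >&2; return 2
    fi
    for allowed in $WHITELIST; do
        if [ "$ip" = "$allowed" ]; then
            echo "evasive-block: $ip is whitelisted" >&2; return 3
        fi
    done
    rule="INPUT -p tcp --dport 80 -s $ip -j DROP"
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPTABLES -I $rule"; return 0
    fi
    # -C tests for an identical existing rule so repeated hits add no duplicates
    "$IPTABLES" -C $rule 2>/dev/null || "$IPTABLES" -I $rule
}

if [ $# -gt 0 ]; then block_ip "$1"; fi
```

Rules added this way stay in the INPUT chain until they are deleted with iptables -D or the firewall is reloaded.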