




mod_evasive is an Apache module that protects the server against HTTP DoS, DDoS, and brute-force attacks. It is widely used by sysadmins around the globe to mitigate DDoS attacks.

It is also designed to be a detection and network management tool, and can be easily configured to work along with ipchains, firewalls, routers, etc.

mod_evasive presently detects and reports via email and syslog facilities.

Before installing the mod_evasive module, make sure that you have installed Apache (httpd) on your server.

Debian / Ubuntu:

apt-get install apache2-utils

CentOS / Fedora:

yum install httpd-devel

You’ll first want to get the mod_evasive package, uncompress it, and install it using apxs:

cd /usr/src

wget https://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

tar xzf mod_evasive_1.10.1.tar.gz

cd mod_evasive

apxs2 -cia mod_evasive20.c


You’ll then need to add the mod_evasive configuration to your Apache configuration file. First, find this section:

File: /etc/apache2/apache2.conf (Debian / Ubuntu)

# Include module configuration:
Include mods-enabled/*.load
Include mods-enabled/*.conf

File: /etc/httpd/conf/httpd.conf (CentOS / Fedora)

LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so

Below those sections, add the mod_evasive configuration:

File excerpt: mod_evasive configuration

<IfModule mod_evasive20.c>
DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   60
DOSEmailNotify      someone@somewhere.com
</IfModule>
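
To see what the thresholds above mean for ordinary visitors before enabling them, the following simplified model replays constructed request timelines against the same values. It is an added example, not code from mod_evasive or from this guide. The window handling, the "more than the limit" comparison and the restart of the block timer on every request from a blocked client are assumptions, so the real module may differ at the edges.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EvasiveConfig:
    page_count: int = 2        # DOSPageCount
    site_count: int = 50       # DOSSiteCount
    page_interval: int = 1     # DOSPageInterval, seconds
    site_interval: int = 1     # DOSSiteInterval, seconds
    blocking_period: int = 60  # DOSBlockingPeriod, seconds

def simulate(requests, cfg=EvasiveConfig()):
    """Return one status (200 or 403) per (time, ip, uri) request, sorted by time.

    Simplified model (assumption): fixed windows, a threshold is exceeded when
    hits > limit, and any request from a blocked IP restarts the blocking period.
    """
    blocked_until = {}  # ip -> time the block expires
    windows = {}        # (ip, uri) or ip -> (window start, hits in window)
    statuses = []
    for t, ip, uri in requests:
        if blocked_until.get(ip, 0) > t:
            blocked_until[ip] = t + cfg.blocking_period  # timer restarts
            statuses.append(403)
            continue
        exceeded = False
        for key, limit, interval in (
            ((ip, uri), cfg.page_count, cfg.page_interval),  # per-page counter
            (ip, cfg.site_count, cfg.site_interval),         # per-site counter
        ):
            start, hits = windows.get(key, (t, 0))
            if t - start >= interval:  # window elapsed, start a new one
                start, hits = t, 0
            windows[key] = (start, hits + 1)
            exceeded = exceeded or hits + 1 > limit
        if exceeded:
            blocked_until[ip] = t + cfg.blocking_period
        statuses.append(403 if exceeded else 200)
    return statuses

# Constructed traffic: one client reloads /login three times within a second,
# then returns at 30 s, 85 s and 150 s (documentation-range IP address).
RELOADS = [(0.0, "198.51.100.7", "/login"), (0.3, "198.51.100.7", "/login"),
           (0.6, "198.51.100.7", "/login"), (30.0, "198.51.100.7", "/"),
           (85.0, "198.51.100.7", "/"), (150.0, "198.51.100.7", "/")]
# Constructed traffic: one page view pulling 60 distinct assets in 0.6 s.
ASSETS = [(i * 0.01, "203.0.113.9", f"/static/{i}.png") for i in range(60)]

if __name__ == "__main__":
    print(simulate(RELOADS))            # reload burst, then the restarted block timer
    print(simulate(ASSETS).count(200))  # assets served before the site limit trips
```

In this model a third quick reload or a page with more than 50 assets is enough to block a legitimate client, and each retry during the block extends it, so the counts are worth tuning against real traffic.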

You’ll then need to restart Apache for your changes to take effect:

Debian / Ubuntu:

/etc/init.d/apache2 restart

CentOS / Fedora:

/etc/init.d/httpd restart