Enabling mod_evasive on Apache
Here the Mod_evasive can be called as a module for Apache which will automatically be taking an action when the HTTP DoS attack is being detected. Here the Mod_evasive is able to log in and then report the abuse as well as notify the problems through an email in a Linux VPS Server. Before following the guide you must be having a LAMP server which is functioning correctly.
This is the guide which was written for the CentOS and its variables and the Debian and its different variations.
Here the module will be creating a table of the IP addresses and the URLs, if the condition is set in the configuration are met then the users who are abusing it will be getting a 403 error. Here the IP address will also be logged and if the option is set then an email will be sent on to the specific email address.
Installation of http-d devel
Here the httpd-devel package will be containing the required files which will be required in building a dynamic shared objects for the Apache. Here this package is needed for installing the module as it will be compiling it, through the following steps.
On CentOS/RHEL, execute:
yum install httpd-devel
On Debian/Ubuntu, execute:
apt-get install apache2-utils
Once this package has been successfully installed then you can proceed to the next step. If the installation process has not been properly performed then there are chances that next step will be failed.
Downloading and Installing Mod_evasive
Downloading the module
Extraction of the module:
tar xzf mod_evasive*.tar.gz
Navigation towards the directory:
Next is that apxs2 will be used which is a tool for creating for building and installing the modules which extends the functionality of Apache. Apxs2 will build a dynamic shared object that is the reason why httpd-devel in step #1.
Apxs2 -cia mod_evasive20.c
apxs2 -cia mod_evasive20.c
Installation Process using yum
When there is an epel-release repository installed, mod_evasive which will be available through yum.
Adding the repository:
Yum install epel-release
Installing the module by using yum:
yum install mod_evasive
Adding the Module to Apache
Here the Apache will be loading all the modules from mods-enabled, so that whenever a module is being added into the folder, it will not required to be added to the Apache configuration manually. Opening the configuration file for checking if this is the case.
On CentOS, the relevant file is: /etc/httpd/conf/httpd.conf
On Ubuntu, the relevant file is: /etc/apache2/apache2.conf
A line such as the Include mods-enabled/*.conf will tell Apache in loading all the modules. If it is not there then you need to add that line which is at the top of the file and then you need to restart the Apache.
For Ubuntu, add the following contents to the bottom of the file:
LoadModule evasive20_module /usr/lib/httpd/modules/mod_evasive20.so
Configuration and Altering the Settings
You need to add block to the configuration file. Here the paths are the same as it has been previously discussed.
Here a quick overview of these parameters is able to be found on the README. You will be able to read the README file as follows:
cat /usr/src/cd mod_evasive/README
Here you will most likely be required to change these settings from time to time for making it sure that it is right for the servers as well as the websites. Some of the servers will be having more activity as well as traffic than the others.
Restarting of the Linux VPS Hosting Web Servers
One needs to restart the Apache web server for the changes that needs to take into effect as well as the module to be loaded.
service httpd restart
One must make sure that the module has been loaded into the Apache:
httpd -M | grep evasive
This should give return to the evasive20_module (shared). And if not the module has not been correctly loaded and hence it is recommended in rechecking the configuration files if they have been saved correctly.
Here one should remember that the module is not the replacement for the DDoS protection as it will not be able to function when the server capacity has not been used.
Here HostingRaja will be offering the protection for simple threats especially when it is a script based attack here the module will be doing its job and it will be very useful.
Hence after going through these steps the mod_evasive will be installed in the Apache, which will make the web app safer.