This guide details how to install mod_evasive on cPanel to help protect against DDOS attacks, brute force attacks and other irritants.
It uses an internal hash table of IPs and URLs and can temporarily block web requests to anyone requesting a large number of page views, or making many concurrent requests. Properly configured it can help evade DDOS attacks and keep your customers happy.
You can integrate it with iptables and hardware firewalls too if you like.
This guide is only cPanel specific to the point where you edit the configuration file.
Check the latest version from the mod_evasive web site. It is 1.10.1 in Jan 2010.
tar zxvf mod_evasive_1.10.1.tar.gz
I am assuming you use apxs to load dymanic modules into apache. You really should.
/usr/local/apache/bin/apxs -i -a -c mod_evasive20.c
cPanel users only, we need to distill the apxs module into Apache so it isn’t lost next time you rebuild or upgrade cPanel/Apache.
cPanel users can edit /usr/local/apache/conf/includes/post_virtualhost_2.conf or use the Apache Configuration option in WHM.
Vanilla Apache users can just stick the config in their httpd.conf.
Optionally you can also add the following directives;
DOSSystemCommand “/etc/apf/apf -d %s'”
I use APF firewall, with the DOSSystemCommand so I can automatically dop offending IPs at the firewall rather than at Apache.
Hopefully you will never see an email from mod_evasive, but you know its there, ready and waiting.