Installing mod_evasive on cPanel and/or Apache

This guide details how to install mod_evasive on cPanel to help protect against DDOS attacks, brute force attacks  and other irritants.

It uses an internal hash table of IPs and URLs and can temporarily block web requests to anyone requesting a large number of page views, or making many concurrent requests. Properly configured it can help evade DDOS attacks and keep your customers happy.

You can integrate it with iptables and hardware firewalls too if you like.

This guide is only cPanel specific to the point where you edit the configuration file.

Check the latest version from the mod_evasive web site. It is 1.10.1 in Jan 2010.

[codesyntax lang=”bash”]
tar zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive

I am assuming you use apxs to load dymanic modules into apache. You really should.

[codesyntax lang=”bash”]
/usr/local/apache/bin/apxs -i -a -c mod_evasive20.c

cPanel users only, we need to distill the apxs module into Apache so it isn’t lost next time you rebuild or upgrade cPanel/Apache.

[codesyntax lang=”bash”]
/usr/local/cpanel/bin/apache_conf_distiller –update

cPanel users can edit /usr/local/apache/conf/includes/post_virtualhost_2.conf or use the Apache Configuration option in WHM.

Vanilla Apache users can just stick the config in their httpd.conf.

[codesyntax lang=”apache”]
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 3600

Optionally you can also add the following directives;

[codesyntax lang=”apache”]
DOSSystemCommand “/etc/apf/apf -d %s'”
DOSLogDir “/var/lock/mod_evasive”

I use APF firewall, with the DOSSystemCommand so I can automatically dop offending IPs at the firewall rather than at Apache.

Hopefully you will never see an email from mod_evasive, but you know its there, ready and waiting.

Author: Kieran Barnes

Kieran is a PHP developer with 15 years commercial experience. Specialist in WordPress, CakePHP, CubeCart and all things PHP.

4 thoughts on “Installing mod_evasive on cPanel and/or Apache”

  1. Thank you for this guide my friend, it helped alot, in bad times, I had DDoS going on my server, and this really helped.

Leave a Reply

Your email address will not be published. Required fields are marked *