Requesting the same page more than a few times per second Making more than 50 concurrent requests on the same child per second Making any requests while temporarily blacklisted (on a blocking list)

In this tutorial I will discuss how to install, configure and use mod_evasive on your Apache server. This tutorial uses a Ubuntu 14.04 server.

Installing mod_evasive

First, make sure Apache server is installed and running. Next, you can install mod_evasive module by running: After installing mod_evasive, you can verify this module by running the following commands: If mod_evasive is enabled, you will see the following output:

Configure Mod_evasive

The mod_evasive module reads its configuration from “/etc/apache2/mods-enabled/evasive.conf.” You can easily customize the mod_evasive module through the “evasive.conf” configuration file. By default, mod_evasive configuration options are disabled, so you will need to enable them first. To do this, edit the “evasive.conf” file: Remove # from the following lines: Save the file and restart Apache for your changes to take effect: You can change the above values according to the amount and type of traffic that your web server needs to handle. DOSHashTableSize : This directive specifies how mod_evasive keeps track of who’s accessing what. Increasing this number will provide a faster lookup of the sites that the client has visited in the past. DOSPageCount : This directive specifies how many identical requests to a specific URI a visitor can make over the DOSPageInterval interval. DOSSiteCount : This is similar to DOSPageCount but corresponds to how many requests overall a visitor can make to your site over the DOSSiteInterval interval. DOSBlockingPeriod : If a visitor exceeds the limits set by DOSSPageCount or DOSSiteCount, his IP will be blocked during the DOSBlockingPeriod amount of time. During this interval, he will receive a 403 (Forbidden) error. DOSEmailNotify : An email will be sent to the email address specified whenever an IP address is blacklisted. DOSLogDir : This directive specifies the location of the log directory.

Testing Mod_evasive

Now it’s time to test whether the mod_evasive module is working or not. You can do this by using a perl script “test.pl” located in the “/usr/share/doc/libapache2-mod-evasive/examples/” directory. You can execute the script by running the following command: You should see the following output:

The script makes 100 requests to your web server. The 403 response code indicates access is denied by the web server.

Conclusion

mod_evasive is a very important tool to secure an Apache web server against several threats. You can experiment with mod_evasive ano different options in a testing environment. If you have any questions, you can write them in the comment box below.