Last updated on September 21st, 2021 at 11:07 am
mod_evasive is an Apache module that protects your website from malicious security attacks. Let us look at how to install mod_evasive to protect Apache web server against DOS and DDOS attacks.
How To Install mod_evasive to protect Against DoS and DDoS
Here are the steps to install mod_evasive to protect against DOS and DDOS.
1. Install prerequisites
First, you need install the prerequisites. Open terminal and run the following command
Debian / Ubuntu:
sudo apt-get update sudo apt-get install apache2-utils
CentOS / Fedora:
sudo yum update sudo yum install httpd-devel
2. Install mod_evasive
Run the following command to install mod_evasive
Debian / Ubuntu:
sudo apt-get install libapache2-mod-evasive
CentOS / Fedora:
sudo yum install mod_evasive
Bonus Read : How to Move Apache Web Root to New Location
3. Configure mod_evasive
Open mod_evasive configuration file in a text editor
Debian / Ubuntu:
sudo vi /etc/apache2/mods-enabled/evasive.conf
CentOS / Fedora:
sudo vi /etc/httpd/conf.d/mod_evasive.conf
Uncomment the following lines by removing # sign at their beginning.
DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 10 DOSEmailNotify mail@yourdomain.com DOSLogDir "/var/log/apache2/"
Change the email against DOSEmailNotify to your email id, so that you are automatically notified in case your website is under attack.
Bonus Read : How to Disable Apache directory Listing
4. Restart Apache Server
Restart Apach web server to apply the changes
Debian / Ubuntu:
sudo systemctl reload apache2
CentOS / Fedora:
sudo systemctl restart httpd.service
Bonus Read : How to Enable Apache Cache
5. How to Check if mod_evasive is working
To help you test mod_evasive, its developers have provided a test.pl script. You will find it at
/usr/share/doc/libapache2-mod-evasive/examples/test.pl
Run the script with the following command:
perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl
The output should appear as below:
HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden
test.pl basically simulates a security attack on your web server and outputs the response it gets. In the above lines, 403 response code indicates that access has been denied to malicious request patterns.
That’s it! mod_evasive is installed and configured on your Apache server. By the way, if you want to create charts & dashboards to monitor your business or website, you can try Ubiq. We offer a 14-day free trial.
Sreeram Sreenivasan is the Founder of Ubiq. He has helped many Fortune 500 companies in the areas of BI & software development.