How To Install mod_evasive to Protect Against DoS and DDoS

Last updated on September 21st, 2021 at 11:07 am

mod_evasive is an Apache module that protects your website from malicious security attacks. Let us look at how to install mod_evasive to protect Apache web server against DOS and DDOS attacks.

 

How To Install mod_evasive to protect Against DoS and DDoS

Here are the steps to install mod_evasive to protect against DOS and DDOS.

 

1. Install prerequisites

First, you need install the prerequisites. Open terminal and run the following command

Debian / Ubuntu:

sudo apt-get update
sudo apt-get install apache2-utils

CentOS / Fedora:

sudo yum update
sudo yum install httpd-devel

 

2. Install mod_evasive

Run the following command to install mod_evasive

Debian / Ubuntu:

sudo apt-get install libapache2-mod-evasive

CentOS / Fedora:

sudo yum install mod_evasive

Bonus Read : How to Move Apache Web Root to New Location

 

3. Configure mod_evasive

Open mod_evasive configuration file in a text editor

Debian / Ubuntu:

sudo vi /etc/apache2/mods-enabled/evasive.conf

CentOS / Fedora:

sudo vi /etc/httpd/conf.d/mod_evasive.conf

 

Uncomment the following lines by removing # sign at their beginning.

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify mail@yourdomain.com
DOSLogDir "/var/log/apache2/"

Change the email against DOSEmailNotify to your email id, so that you are automatically notified in case your website is under attack.

Bonus Read : How to Disable Apache directory Listing

 

4. Restart Apache Server

Restart Apach web server to apply the changes

Debian / Ubuntu:

sudo systemctl reload apache2

CentOS / Fedora:

sudo systemctl restart httpd.service

Bonus Read : How to Enable Apache Cache

 

5. How to Check if mod_evasive is working

To help you test mod_evasive, its developers have provided a test.pl script. You will find it at

/usr/share/doc/libapache2-mod-evasive/examples/test.pl

 

Run the script with the following command:

perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl

 

The output should appear as below:

HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

test.pl basically simulates a security attack on your web server and outputs the response it gets. In the above lines, 403 response code indicates that access has been denied to malicious request patterns.

That’s it! mod_evasive is installed and configured on your Apache server. By the way, if you want to create charts & dashboards to monitor your business or website, you can try Ubiq. We offer a 14-day free trial.