What is evasive module ?
mod_evasive is an Apache module which provide DDoS attack or brute force attack protection. It is also designed to for detection and network management and can be easily configured to talk to firewalls, routers and iptables security.It send mail for abuses and also have ability to add iptables entry and drop the packets for an ip.
If you have CSF firewall in your WHM/Cpanel then that firewall also have functionality for brute force protection but this tool is basically for web based brute force attackers so it makes higher security to your server as well.
Steps to install mod_evasive on WHM/Cpanel and configure it with apache
1. Download mod evasive source code in your server
linuxtweaks ~]# cd /usr/local/src/
linuxtweaks ~]# curl -Ls https://go.khtechs.com/modevasive > /usr/local/src/mod_evasive.tar.gz
2. Extract source directory
linuxtweaks ~]# tar xzf mod_evasive.tar.gz
linuxtweaks ~]# cd mod_evasive
3. Compile the source using apache and build it
linuxtweaks ~]# /usr/local/apache/bin/apxs -i -a -c mod_evasive24.c
Above step will compile module with apache and make an entry in your apache configuration. Once it will complete you will get a message like –
[activating module `evasive20' in /usr/local/apache/conf/httpd.conf]
4. Your module has been added but it’s not configured yet so need to configure also. Include configuration file in your main apache configuration. This below configuration should be below of your loaded module line.
5. Now you have to distill your apache configuration so this configuration will not remove with your next rebuild/upgrade.
linuxtweaks ~]# /usr/local/cpanel/bin/apache_conf_distiller --update
6. Now you need to create a configuration file which you have defined in apache conf
linuxtweaks ~]# vim /usr/local/apache/conf/includes/mod_evasive.conf
Write below code in this file-
7. Create blank log file which you define in above code
linuxtweaks ~]# touch /var/log/mod_evasive
8. Till now all configuration completed now you need to just confirm if you had configured right and then you can restart service.
linuxtweaks ~]# apachectl configtest
9. Restart Apache service
linuxtweaks ~]# restartsrv_httpd
10. Now you can check that if your module has been loaded with apache.
linuxtweaks ~]# apachectl -M | grep evasiveInstall
11. Now the last step is to make sure that your next rebuild or upgrade will configure this module as well.
linuxtweaks ~]# echo "/usr/local/apache/bin/apxs -i -a -c /usr/local/src/mod_evasive/mod_evasive24.c" >> /scripts/after_apache_make_install
chmod +x /scripts/after_apache_make_install
Now you can check the logs and also can configure configuration file for email so can get mail when any attacker try to attack on your web server.
To know about other Apache Modules please click here