Install mod_evasive on WHM/Cpanel

What is evasive module ?

mod_evasive is an Apache module which provide DDoS attack or brute force attack protection. It is also designed to for detection and network management and can be easily configured to talk to firewalls, routers and iptables security.It send mail for abuses and also have ability to add iptables entry and drop the packets for an ip.

If you have CSF firewall in your WHM/Cpanel then that firewall also have functionality for brute force protection but this tool is basically for web based brute force attackers so it makes higher security to your server as well.

Steps to install mod_evasive on WHM/Cpanel and configure it with apache

1. Download mod evasive source code in your server

linuxtweaks ~]# cd /usr/local/src/
linuxtweaks ~]# curl -Ls > /usr/local/src/mod_evasive.tar.gz

2. Extract source directory

linuxtweaks ~]# tar xzf mod_evasive.tar.gz
linuxtweaks ~]# cd mod_evasive

3. Compile the source using apache and build it

linuxtweaks ~]# /usr/local/apache/bin/apxs -i -a -c mod_evasive24.c

Above step will compile module with apache and make an entry in your apache configuration. Once it will complete you will get a message like –

[activating module `evasive20' in /usr/local/apache/conf/httpd.conf]

4. Your module has been added but it’s not configured yet so need to configure also. Include configuration file in your main apache configuration. This below configuration should be below of your loaded module line.

Include "/usr/local/apache/conf/includes/mod_evasive.conf"

5. Now you have to distill your apache configuration so this configuration will not remove with your next rebuild/upgrade.

linuxtweaks ~]# /usr/local/cpanel/bin/apache_conf_distiller --update

6. Now you need to create a configuration file which you have defined in apache conf

linuxtweaks ~]# vim /usr/local/apache/conf/includes/mod_evasive.conf

Write below code in this file-

<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        40
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   3600
    DOSLogDir           "/var/log/mod_evasive"

7. Create blank log file which you define in above code

linuxtweaks ~]# touch /var/log/mod_evasive

8. Till now all configuration completed now you need to just confirm if you had configured right and then you can restart service.

linuxtweaks ~]# apachectl configtest
Syntax OK

9. Restart Apache service

linuxtweaks ~]# restartsrv_httpd

10. Now you can check that if your module has been loaded with apache.

linuxtweaks ~]# apachectl -M | grep evasiveInstall

11. Now the last step is to make sure that your next rebuild or upgrade will configure this module as well.

linuxtweaks ~]# echo "/usr/local/apache/bin/apxs -i -a -c /usr/local/src/mod_evasive/mod_evasive24.c" >> /scripts/after_apache_make_install
chmod +x /scripts/after_apache_make_install

All Done!

Now you can check the logs and also can configure configuration file for email so can get mail when any attacker try to attack on your web server.

To know about other Apache Modules please click here


Balvinder Singh

Hello, I am Balvinder Singh - DevOps Engineer with 2.5+ year of working experience with different server environments. Tag Line:-Linux | AWS| WHM |Monitoring | Virtualization | Optimization | Performance | Security | Release & Deployment. I love helping companies / clients to deploy their code / applicateions to well managed, optimized, secure server and can go extra mile to satisfy.

You may also like...

Leave a Reply

Your email address will not be published.