{"id":936,"date":"2012-12-12T03:21:34","date_gmt":"2012-12-12T09:21:34","guid":{"rendered":"http:\/\/blog.supportpro.com\/?p=936"},"modified":"2018-10-04T02:02:02","modified_gmt":"2018-10-04T08:02:02","slug":"mod_evasive","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/mod_evasive\/","title":{"rendered":"mod_evasive"},"content":{"rendered":"<p>mod_evasive is a detection and network management tool, and can be easily configured to talk to IP chains, firewalls,<br \/>\nrouters, etc . Detection is performed by creating an internal dynamic hash table of IP Addresses and URLs, and denying<br \/>\nany single IP address that matches the criteria.<\/p>\n<blockquote><p>#cd \/usr\/src<br \/>\n#wget http:\/\/www.zdziarski.com\/blog\/wp-content\/uploads\/2010\/02\/mod_evasive_1.10.1.tar.gz<br \/>\n#tar xzf mod_evasive_1.10.1.tar.gz<br \/>\n#cd mod_evasive<br \/>\n#apxs -cia mod_evasive20.c<\/p><\/blockquote>\n<p>LoadModule evasive20_module \/usr\/lib\/httpd\/modules\/mod_evasive20.so<\/p>\n<p><!--more-->Add configuration rules to the Apache conf file: \/etc\/httpd\/conf\/httpd.conf<\/p>\n<blockquote><p>&lt;IfModule mod_evasive20.c&gt;<br \/>\nDOSHashTableSize 3097<br \/>\nDOSPageCount 2<br \/>\nDOSSiteCount 50<br \/>\nDOSPageInterval 1<br \/>\nDOSSiteInterval 1<br \/>\nDOSBlockingPeriod 60<br \/>\nDOSEmailNotify someone@somewhere.com<br \/>\n&lt;\/IfModule&gt;<\/p><\/blockquote>\n<p>Restart Apache :<\/p>\n<blockquote><p>\/etc\/init.d\/httpd restart<\/p><\/blockquote>\n<p><strong>DOSHashTableSize<\/strong> : It is the size of the hash table that is created for the IP addresses monitored.<br \/>\n<strong>DOSPageCount <\/strong>: It is the number of pages allowed to be loaded for the DOSPageInterval setting. In this case, 2 pages per 1 second before the IP gets flagged.<br \/>\n<strong>DOSSiteCount <\/strong>: It is the number of objects (ie: images, style sheets, javascripts, SSI, etc) allowed to be accessed in theDOSSiteInterval second. In this case, 50 objects per 1 second.<br \/>\n<strong>DOSPageInterval <\/strong>: It is the number of seconds the intervals are set for DOSPageCount<br \/>\n<strong>DOSSiteInterval <\/strong>: It is the number of seconds the intervals are set for DOSSiteCount<br \/>\n<strong>DOSBlockingPeriod <\/strong>: It is the number of seconds the IP address will recieve the Error 403 (Forbidden) page when they have been flagged.<\/p>\n<p><strong>DOSBlockingPeriod <\/strong>: If an IP is determined to be malicious, it is banned for this period of time. Each infraction that occurs will blacklisted adds an additional interval of this amount.<\/p>\n<p><strong>Whitelisting IP Addresses<\/strong><\/p>\n<p>For whitelisting an address (or range) which is sure not to be an attacker, add an entry to the Apache configuration like this.<\/p>\n<blockquote><p>DOSWhitelist 127.0.0.1 DOSWhitelist 127.0.0.*<\/p><\/blockquote>\n<div id=\"_mcePaste\" style=\"position: absolute; left: -10000px; top: 565px; width: 1px; height: 1px; overflow: hidden;\">\/etc\/init.d\/httpd restart<\/div>\n<p>If you require help, <a href=\"https:\/\/www.supportpro.com\/requestquote.php\">contact SupportPRO Server Admin<\/a><\/p>\n<p style=\"text-align: center;\"><!--HubSpot Call-to-Action Code --><span id=\"hs-cta-wrapper-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-wrapper\"><span id=\"hs-cta-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-node hs-cta-9d590242-d641-4383-94b4-8cfd62f0af6b\"><!-- [if lte IE 8]><\/p>\n\n\n\n\n\n<div id=\"hs-cta-ie-element\"><\/div>\n\n\n<![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/2725694\/9d590242-d641-4383-94b4-8cfd62f0af6b\"><img decoding=\"async\" id=\"hs-cta-img-9d590242-d641-4383-94b4-8cfd62f0af6b\" class=\"hs-cta-img\" style=\"border-width: 0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/9d590242-d641-4383-94b4-8cfd62f0af6b.png\" alt=\"Server not running properly? Get A FREE Server Checkup By Expert Server Admins - $125 Value\" \/><\/a><\/span><script charset=\"utf-8\" src=\"https:\/\/js.hscta.net\/cta\/current.js\"><\/script><script type=\"text\/javascript\"> hbspt.cta.load(2725694, '9d590242-d641-4383-94b4-8cfd62f0af6b', {}); <\/script><\/span><!-- end HubSpot Call-to-Action Code --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>mod_evasive is a detection and network management tool, and can be easily configured to talk to IP chains, firewalls, routers, etc . Detection is performed by creating an internal dynamic&hellip;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[6],"tags":[],"class_list":["post-936","post","type-post","status-publish","format-standard","hentry","category-linux-basics"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/936","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/comments?post=936"}],"version-history":[{"count":5,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/936\/revisions"}],"predecessor-version":[{"id":3171,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/936\/revisions\/3171"}],"wp:attachment":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media?parent=936"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/categories?post=936"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/tags?post=936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}