The mod_evasive Apache module is provided by EasyApache 4 released on 7th of November, 2017.
This Apache module helps to protect one’s server against the vicious attacks of DoS, DDoS. This module works even as a detection tool and one can design it to establish a communication with iptables, firewalls, routers and even other things alike.
This module is designed to work in dealing with single-server attacks, distributed attacks and brute-force attacks. It is capable of withstanding larger attacks if one assimilate with one’s firewall or IP filters. For getting the best protection, one is advised to assimilate it with one’s firewalls and routers.
If one’s infrastructure is incapable of defending various DoS attacks, then this module will only help in keeping a limit of one’s total bandwidth or server capacity for returning 403 errors.
Working of this module involves creation of an internal, dynamic hash table of IP address, URIs and also denies any single IP address that:
This module ensures a built-in clean-up mechanism and good scaling by creating an instance for each listener. Because of this feature, it will rarely hold an appropriate request, even if a user clicks on reload time and again.
A DoS attacker requests a URL from one’s server as many times as they can to cause one trouble.
To stop such attacks, perform the steps:
The cPanel and WHM provides a default configuration which blocks most attacks without extra changes in the configuration. Server’s response to the attackers will change to 403 Forbidden. This simply means that this module successfully detects and blocks the attack before one’s system got the time to process the request.
Client denied by server configuration.
localhost mod_evasive [2635]:
Blacklisting address X.X.X.X: possible
DoS attack
However, this module does not blacklist the clients forever. One can configure the block time. But it will block them well enough to put an affective stop to the attack. One can adjust the time period to block the attackers by adjusting the DOSBlockingPeriod directive in the mod_evasive configuration file.
One can install it either through the EasyApache 4 interface (WHM >> Home >> Software >> EasyApache 4) or with the help of yum install ea-apache24-mod_evasive command.
For more information, one can go through the Apache Module: Evasive documentation.
This module helps a great deal to put a stop to the efforts of the attackers to attack the server and hamper the technical working of the server.