How to install mod_evasive on cPanel servers

mod_evasive is an Apache module to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to communicate with ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuse via email and syslog facilities.

We can use the following steps to install mod_evasive for apache on your server:

1. Go to a temporary directory to save the installer say /usr/local/src .

# cd /usr/local/src/

2. Download the latest source file from .

# wget

3. Extract the package and go to the folder containing the installer .

# tar -xvzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive/

4. Now, we need to build the module from it's source and thus the following command needs to be executed .

# /usr/local/apache/bin/apxs -cia mod_evasive20.c

5. We also need to tell Apache where to look for mod_evasive's configuration. Open the Apache's configuration file in your favourite editor and look for the 'LoadModule evasive*' section. Once you find it, the following needs to be added right below it :

Include "/usr/local/apache/conf/includes/mod_evasive.conf"

6. Any custom changes made to the apache configuration file is removed if apache/php is recompiled using the easyapache utility and thus to ensure that the above change is not lost, we need to distill the configuration file using the following command:

# /usr/local/cpanel/bin/apache_conf_distiller –update

7. Now that we know it won't be removed from the main configuration, we can add our mod_evasive.conf. Once created, open the file using your preferred editor .

# touch /usr/local/apache/conf/includes/mod_evasive.conf

# vi mod_evasive.conf

Once opened, the following lines need to be added in the new file:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 3600
DOSLogDir "/var/log/mod_evasive"

8. As mentioned in the configuration settings, the module will log actions/error at /var/log/mod_evasive and thus, we need to create this file.

# touch /var/log/mod_evasive

9. Once that is done, we need to verify that there are no errors in the apache configuration which can be done as follows:

# /etc/init.d/httpd configtest
Syntax OK

10. Restart apache .

# /etc/init.d/httpd restart

11. We can verify whether the evasive module is running as expected by the following command

# httpd - M|grep -i evasive

12. To ensure EasyApache rebuilds mod_evasive with upgrades of Apache, rebuilds, etc. perform the following:

#echo "/usr/local/apache/bin/apxs -i -a -c /usr/local/src/mod_evasive/mod_evasive24.c" >> /scripts/after_apache_make_install
#chmod +x /scripts/after_apache_make_install

That should take care of everything.