archive:centos_install_apache_mod_evasive
CentOS install apache mod_evasive
This apache module may give you a little breathing room during DDOS attacks.
Install mod_evasive
yum install mod_evasive -y
Next restart apache
systemctl restart httpd.service
Check if mod_evasive is loaded
httpd -M | grep evasive
You should get an output like below.
evasive20_module (shared)
Now that we are a bit more secure we can modify the configuration a bit.
Logfile location
Create a directory for the logfiles default is /tmp which is not secure enough.
mkdir /var/log/mod_evasive chown -R apache:apache /var/log/mod_evasive
Configuration tweak
Next let's tweak the configuration file a bit
cd /etc/httpd/conf.d/
vi mod_evasive.conf
Find the following line:
DOSBlockingPeriod 10
Change it to
DOSBlockingPeriod 300
Find the following line:
#DOSLogDir "/var/lock/mod_evasive"
Remove the # (hash) and change it to
DOSLogDir "/var/log/mod_evasive"
Restart apache for the changes to take effect
systemctl restart httpd.service
Check if the module is loaded
httpd -M | grep evasive
archive/centos_install_apache_mod_evasive.txt · Last modified: 24/11/2023 12:38 by Allan