Table of Contents
install mod_evasive in cPanel server
Installation steps for Apache 2.2
Download the mod_evasive source file to the server
#cd /usr/local/src #wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
Extract the zip file that we downloaded to the server
#tar -xvzf mod_evasive_1.10.1.tar.gz #cd mod_evasive
To load dynamic modules to Apache, use apxs
#/usr/local/apache/bin/apxs -cia mod_evasive20.c
This will create an entry in the Apache configuration file for mod_evasive. To retain this entry after Apache rebuild/upgrade we need to run the following command. Otherwise cPanel will take out this entry from Apache configuration file after Apache rebuild/upgrade.
#/usr/local/cpanel/bin/apache_conf_distiller --update
Next is to create mod_evasive configuration file and then need to add the following configuration to it:
root@server [~]# cat /usr/local/apache/conf/mod_evasive.conf LoadModule evasive20_module modules/mod_evasive20.so DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 10
Now include the file “/usr/local/apache/conf/mod_evasive.conf” in the file /usr/local/apache/conf/includes/pre_main_global.conf”
#root@server [~]# cat /usr/local/apache/conf/includes/pre_main_global.conf Include /usr/local/apache/conf/mod_evasive.conf
Then, rebuild Apache and restart it
#/scripts/rebuildhttpdconf #/etc/init.d/httpd restart
Installation steps for Apache 2.4
Download the mod_evasive source file to the server
#cd /usr/local/src #wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
Extract the zip file that we downloaded to the server
#tar -xvzf mod_evasive_1.10.1.tar.gz #cd mod_evasive
Now, if you attempt to build mod_evasive20.c for Apache 2.4, you’ll receive an error. That is if you run /usr/local/apache/bin/apxs -cia mod_evasive20.c you’ll get the following error:
mod_evasive20.c: In function 'access_checker': mod_evasive20.c:142: error: 'conn_rec' has no member named 'remote_ip' mod_evasive20.c:146: error: 'conn_rec' has no member named 'remote_ip' mod_evasive20.c:158: error: 'conn_rec' has no member named 'remote_ip' mod_evasive20.c:165: error: 'conn_rec' has no member named 'remote_ip' mod_evasive20.c:180: error: 'conn_rec' has no member named 'remote_ip' mod_evasive20.c:187: error: 'conn_rec' has no member named 'remote_ip' mod_evasive20.c:208: error: 'conn_rec' has no member named 'remote_ip' mod_evasive20.c:212: warning: implicit declaration of function 'getpid' mod_evasive20.c:215: error: 'conn_rec' has no member named 'remote_ip' mod_evasive20.c:221: error: 'conn_rec' has no member named 'remote_ip' mod_evasive20.c:222: error: 'conn_rec' has no member named 'remote_ip' mod_evasive20.c:228: error: 'conn_rec' has no member named 'remote_ip' apxs:Error: Command failed with rc=65536
Now, you need to follow these steps for Apache 2.4
#cp mod_evasive{20,24}.c
#sed s/remote_ip/client_ip/g -i mod_evasive24.c
Now, build mod_evasive for Apache 2.4
#apxs -i -a -c mod_evasive24.c
This will create an entry in the Apache configuration file for mod_evasive as below.
#root@server [~]# grep mod_evasive /usr/local/apache/conf/httpd.conf LoadModule evasive20_module modules/mod_evasive24.so
To retain this entry after Apache rebuild/upgrade run the following command:
#/usr/local/cpanel/bin/apache_conf_distiller --update
Then, create mod_evasive configuration file and add the following configuration to it:
root@server [~]# cat /usr/local/apache/conf/mod_evasive.conf LoadModule evasive20_module modules/mod_evasive24.so DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 10
Now include the file “/usr/local/apache/conf/mod_evasive.conf” in the file “/usr/local/apache/conf/includes/pre_main_global.conf”
#root@server [~]# cat /usr/local/apache/conf/includes/pre_main_global.conf Include /usr/local/apache/conf/mod_evasive.conf
Then, rebuild Apache and restart it
#/scripts/rebuildhttpdconf #/etc/init.d/httpd restart
Done!!
