Are you familiar with mod_evasive? mod_evasive is an Apache web server module designed to help the server stay running in the event of an attack. The most common attacks of this kind are Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, which try to overwhelm the server. They cause a server to run out of processing cycles, network bandwidth, or memory, causing the website to crash.
mod_evasive works by monitoring the requests coming in to the server. It watches for suspicious patterns, including: several requests for a single page in one second, requests made while temporarily blacklisted, and many simultaneous requests per second.
If any of these happen, the module responds with a 403 error. By default, the module also applies a 10-second waiting period on the blacklist. If the IP address makes another request within that 10-second window, the waiting period is extended. This lets the user defend against such attacks through detection and network management.
Here are some parameters and settings to note when configuring the module in Apache.
First, note that DOSSystemCommand is left disabled. This directive lets the user specify a system command to run when an IP address is added to the blacklist. It can be used to add the IP address to an IP filter or firewall.
DOSHashTableSize can be increased on busy web servers. It allocates the space used for the lookup operations. Increasing the size improves lookup speed at the cost of memory.
DOSPageInterval is the number of seconds over which DOSPageCount is measured. By default this value is 1 second, which means that an IP address crossing the threshold of 2 page requests in 1 second is temporarily blacklisted.
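To see how the page count, the page interval and the 10-second blacklist window interact, here is a small Python model of the behaviour described above. It is an added example, not mod_evasive's source code; the class and function names, the sample traffic, and the choice that the request exceeding DOSPageCount is the first one refused are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class EvasiveModel:
    """Simplified model of the per-page check (not mod_evasive's own code)."""
    page_count: int = 2           # DOSPageCount: page hits tolerated per interval
    page_interval: float = 1.0    # DOSPageInterval, in seconds
    blocking_period: float = 10.0 # blacklist waiting period, in seconds
    hits: dict = field(default_factory=dict)     # (ip, uri) -> (window start, count)
    blocked: dict = field(default_factory=dict)  # ip -> time of last refused request

    def handle(self, ip, uri, now):
        """Return the HTTP status the model gives a request arriving at `now`."""
        last = self.blocked.get(ip)
        if last is not None and now - last < self.blocking_period:
            self.blocked[ip] = now   # a request while blacklisted extends the block
            return 403
        self.blocked.pop(ip, None)   # block expired (or never existed)
        start, count = self.hits.get((ip, uri), (now, 0))
        if now - start >= self.page_interval:
            start, count = now, 0    # interval elapsed: start a new counting window
        count += 1
        self.hits[(ip, uri)] = (start, count)
        if count > self.page_count:  # assumption: exceeding the count triggers the block
            self.blocked[ip] = now
            return 403
        return 200

def replay(requests, model=None):
    """Feed (time, ip, uri) tuples through the model and return the statuses."""
    model = model or EvasiveModel()
    return [model.handle(ip, uri, t) for t, ip, uri in requests]

# Constructed sample traffic: (time in seconds, client IP, URI)
SAMPLE = [
    (0.0, "203.0.113.7", "/login"),
    (0.2, "203.0.113.7", "/login"),
    (0.4, "203.0.113.7", "/login"),   # third hit within 1 s: blacklisted until 10.4
    (0.5, "198.51.100.9", "/login"),  # a different client is unaffected
    (8.0, "203.0.113.7", "/index"),   # still blacklisted; block now runs to 18.0
    (15.0, "203.0.113.7", "/index"),  # refused only because of the extension
    (26.0, "203.0.113.7", "/index"),  # block expired at 25.0: served again
]

if __name__ == "__main__":
    for request, status in zip(SAMPLE, replay(SAMPLE)):
        print(request, status)
```

The request at 15.0 is the one to study: without the retry at 8.0 the block would have ended at 10.4, so a client that keeps retrying keeps itself blacklisted.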
These are some ideas for installing and configuring mod_evasive on Apache. The module is an excellent utility for detecting and blocking IP addresses that are being used in Denial of Service attacks. Between its simple configuration and its effectiveness, it has become a favorite tool for protecting Linux and Apache systems. It does this by putting IP addresses on a temporary blacklist and keeping them there if they continue the behavior.