The mod_evasive module is an Apache web services module that helps your server stay running in the event of an attack.
![]()
Google search for modevasive for win32 and I am sure there will be many results that will help your case - this modevasive is not part of the XAMPP for Windows installation and so no help or support is available for it on these forums. Installing Apache, PHP, MySQL and phpMyAdmin from XAMPP. XAMPP is an all-in-one package that you can use to install Apache, PHP, and MySQL. XAMPP also installs phpMyAdmin, a Web application used to administer MySQL. XAMPP installs all the packages in one easy procedure. XAMPP installation instructions are provided for Windows and Mac.
A common type of cyber attack comes in the form of a Denial of Service (DoS), Distributed Denial of Service (DDoS), or brute-force attempting to overwhelm your security. The nature of these attacks is to use several different computers to make repeated requests against your server. This causes the server to run out of processing cycles, memory, or network bandwidth, causing the website to crash.
The mod_evasive Apache utility works by monitoring incoming server requests. Also, it watches for suspicious requests such as:
The module sends a 403 error if any of these things happen. By default, this also includes a 10-second waiting period on the blacklist. If the IP address making the request tries to request again in that 10-second window, the waitlist is extended.
mod_evasive helps you defends against these kinds of attacks through network detection and management.
This guide will walk you through configuring and installing mod_evasive to protect against DoS and DDoS.
1. Update your package listings by entering the following command at the terminal:
Debian / Ubuntu:
RedHat / CentOS:
Allow the system to refresh and update your software listings.
2. Next, install a helper utility:
Debian / Ubuntu:
RedHat / CentOS:
This utility is required for the installation of mod_evasive.
To install the mod_evasive module on Debian / Ubuntu, enter the following:
Allow the process to complete.
To install the mod_evasive module on RedHat / CentOS, enter the following:
Allow the process to complete.
Like most Linux software packages, mod_evasive is controlled by a configuration file.
1. Open it in a text editor with the following commands:
Debian / Ubuntu:
RedHat / CentOS:
2. Find the following entry:
The # sign marks this as a comment. Remove the # sign, then replace [email protected] with your actual email address. Use an email that you check regularly – this is where the tool will send alerts. Want to learn more about how to stop a DDoS attack.
3. Remove the comment tag from the following entries, so the log file looks as follows:
4. Save the file and exit. Reload the Apache service by entering the following:
Debian / Ubuntu:
RedHat / CentOS:
Now, let’s verify the module is working correctly.
In this example, use the test.pl script provided by the developers to test mod_evasive.
Th script is located at: /usr/share/doc/libapache2-mod-evasive/examples/test.pl.
Use the following command to run the script:
The output should appear as below:
DOSSystemCommand: First, you may have noticed that this option was left disabled as a comment. This command allows you to specify a system command to be run when an IP address is added to the blacklist. You can use this to launch a command to add an IP address to a firewall or IP filter.
DOSHashTableSize: Increase this for busier web servers. This allocates space for running the lookup operations. Increasing the size improves the speed at the cost of memory.
DOSPageCount: The number of requests for an individual page that triggers blacklisting. This is set to 2, which is low (and aggressive) – increase this value to reduce false-positives.
DOSSiteCount: The total number of requests for the same site by the same IP address. By default, this is set to 50. You can increase to 100 to reduce false-positives.
DOSPageInterval: Number of seconds for DOSPageCount. By default, this is set to 1 second. That means that if you don’t change it, requesting 2 pages in 1 second will temporarily blacklist an IP address.
DOSSiteInterval: Like DOSPageInterval, this specifies the number of seconds that DOSSiteCount monitors. By default, this is set to 1 second. That means that if a single IP address requests 50 resources on the same website in a single second, it will be temporarily blacklisted.
DOSBlockingPeriod: The amount of time an IP address stays on the blacklist. Set to 10 seconds by default, you can change this to any value you like. Increase this value to keep blocked IP addresses in time-out for a more extended period.
DOSLogDir: By default, this is set to write logs to /var/log/mod_evasive. These logs can be reviewed later to evaluate client behavior.
You can create a new directory to save these apache access logs – make sure you change the owner to Apache, then update the location in this entry:
Whitelisting IP addresses: This option isn’t included in the evasive.conf file by default.
Open the file for editing as before, then add the following line:
Substitute the IP address you want to whitelist. Also, you should list only one entry per line. This is typically used with a trusted client that exchanges a lot of data with your website. This tool is good at detecting bots and scripts; if there are bots or scripts that you want to allow, you can whitelist them to prevent them from triggering a blacklist action.
Make sure to save the file and exit, then reload your Apache service before testing any of these options.
Now you know how to install and configure mod_evasive on Apache.
The mod_evasive module is an excellent utility for detecting and blocking IP addresses that are being used in a Denial of Service attack. It does so by putting suspicious IP addresses in a temporary blacklist and keeping them there if they continue their behavior.
Between its simplicity to configure and its effectiveness, it has become a favorite tool for protecting Apache and Linux systems. For more information and the manual, please refer to the developer’s GitHub documentation page.
![]()
Next you should also read
If you do not keep your Ubuntu operating system up-to-date, you run the risk of compromising overall system…
SELinux is a mandatory access control (MAC) enforcer built into the Linux kernel. It limits the privileges of…
ModSecurity is an Open-source firewall application for Apache. Learn how to Setup & Configure ModSecurity on…
Apache is part of the LAMP stack of software for Linux (Linux, Apache, MySQL, PHP). Apache is responsible for…
Initially developed by Netscape in 1994 to support the internet’s e-commerce capabilities, Secure Socket…
XAMPP and MODX What is XAMPP?XAMPP is a free Open-Source package you can install on your local machine. XAMPP provides relatively recent versions of Apache, MySQL, PHP, and the FileZilla mail server. After installing XAMPP, you can run MODX on your local Windows, OS X, or Linux box. You could download the components separately and install them, but XAMPP installs them all with a single click and provides versions that are (theoretically) compatible with each other. Where Do I Get XAMPP?XAMPP is available. For Windows, I recommend downloading the self-extracting.exe version.
It should install when you double-click on the downloaded file. It's not a bad idea to keep a couple of previous versions of the downloaded.exe file. Occasionally, there are problems with a new release and you will want to revert. Configuring XAMPPNote: These instructions are mainly for installing XAMPP on Windows machines. If you're installing it on another platform, the file locations will probably be different. Also, the current versions of XAMPP no longer support Windows XP.There's really only one thing you'll want to do and it's only necessary if you want Friendly URLs in MODX.
Later, hen you turn FURLs on and MODX crashes, you may not remember that this is the reason. It's simple, so you might as well do it when you install:. Edit XAMPP/apache/conf/httpd.conf. Remove the # in front ofLoadModule rewritemodule modules/modrewrite.soSecuring XAMPPIf your machine is not connected to the internet and you are the only person who uses it, you can ignore this section, otherwise:. Go to to create the MySQL master password and protect the XAMPP directory. For the MySQL Root password section, leave the 'current password' field blank and enter the password that is in your MODX config file.
You can protect your XAMPP directory with a username and password here also, but notice that there are separate buttons for the different actions. Edit /XAMPP/phpMyAdmin/config.inc.php and change the authorization type in this line:$cfg'Servers'$i'authtype' = 'config';to cookie:$cfg'Servers'$i'authtype' = 'cookie';. Restart Apache. Restart MySQL. Go to to make sure everything is secure. Ignore the warning about PHP not running in 'Safe' mode.Upgrading or Downgrading XAMPPTo upgrade XAMPP, you can usually just install the newer version (sometimes there is a separate 'upgrade' version). There's no need to uninstall the current version.
If you want to downgrade, however, it's usually wise to uninstall the current version, reboot, and double-click on the older installation file.WARNING: If you uninstall XAMPP, you will be asked if you want to uninstall the MySQL database and the HTDOCS directory. JUST SAY NO, unless you want to wipe out your MODX site and its content.When you downgrade to an older version of XAMPP after uninstalling, you are likely to have several problems that the following steps will solve. It's possible, but unlikely, that you will encounter these problems in an upgrade to a newer version. The install may change the MySQL username and password used by XAMPP back to their defaults and you may get an Access Denied or Error 500 message when you try to access XAMPP security or MODX. The XAMPP install may mess up the.htaccess file in /xampp/htdocs/xampp. It will also usually turn off the rewrite engine and change the username and password in /xampp/phpMyAdmin/config.inc.php which will make phpMyAdmin impossible to access. The steps below should fix those problems:Before upgrading or downgrading, make a note of the username and password in /xampp/phpMyAdmin/config.inc.php in case you need to restore them later.After upgrading or downgrading:.
Delete the.htacces file in /xampp/htdocs/xampp. Go to to create the MySQL master password and protect the XAMPP directory. For the MySQL Root password section, leave the 'current password' field blank and enter the password that is in your MODX config file. You can protect your XAMPP directory with a username and password here also, but notice that there are separate buttons for the different actions. Edit /XAMPP/phpMyAdmin/config.inc.php and change the authorization type in this line:$cfg'Servers'$i'authtype' = 'config';to cookie:$cfg'Servers'$i'authtype' = 'cookie';. Edit XAMPP/apache/conf/httpd.conf. Remove the # in front ofLoadModule rewritemodule modules/modrewrite.so.
Restart Apache. Restart MySQL. Go to to make sure everything is secure.
Ignore the warning about PHP not running in 'Safe' mode. My book, MODX: The Official Guide - Digital Edition is now available. The paper version of the book is available from.If you have the book and would like to download the code, you can find it.If you have the book and would like to see the updates and corrections page, you can find it.MODX: The Official Guide is 772 pages long and goes far beyond this web site in explaining beginning and advanced MODX techniques. It includes detailed information on:.
Installing MODX. How MODX Works. Working with MODX resources and Elements. Using Git with MODX. Using common MODX add-on components like SPForm, Login, getResources, and FormIt. MODX security Permissions.
Customizing the MODX Manager. Using Form Customization.
Creating Transport Packages. MODX and xPDO object methods. MODX System Events. Using PHP with MODXGo for more information about the book.
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |