After installing mod_evasive, you can verify whether the mod_evasive module is enabled by running the following command:
The default configuration file of mod_evasive is located at /etc/apache2/mods-enabled/evasive.conf, which you will need to adjust to your requirements. Below is a minimal workable configuration:
- DOSHashTableSize: mod_evasive uses this option to control the hash table size. It is recommended to increase this if you have a busy web server.
- DOSPageCount: This option specifies the threshold for the number of requests allowed from one client to the same URI within DOSPageInterval (one second by default). Once the threshold has been exceeded, the client's IP address will be blacklisted.
- DOSSiteCount: This option specifies the threshold for the total number of requests allowed from the same IP address, to any URI, within DOSSiteInterval.
- DOSPageInterval: This option specifies the interval, in seconds, over which the per-URI page count is accumulated.
- DOSSiteInterval: This option specifies the interval, in seconds, over which the per-IP site count is accumulated.
- DOSBlockingPeriod: This option defines the amount of time in seconds that a client will be blocked.
- DOSEmailNotify: This option sends an email to the specified address when an IP address has been blacklisted.
- DOSSystemCommand: Whenever an IP address has been blacklisted, the specified system command will be executed.
- DOSLogDir: This option defines the mod_evasive log directory.
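To make the interplay of DOSPageCount, DOSSiteCount, the two intervals and DOSBlockingPeriod concrete, here is an added Python model of how mod_evasive accounts for requests (written for this article, not mod_evasive's own code; the traffic and IP addresses are constructed). It approximates mod_evasive's documented behaviour: a counter restarts when the gap since the previous hit reaches its interval, and every request a blocked client makes restarts the blocking timer.

```python
from dataclasses import dataclass, field


@dataclass
class Evasive:
    """Simplified model of mod_evasive's request accounting (added illustration)."""
    page_count: int = 2          # DOSPageCount: hits to one URI allowed per page_interval
    site_count: int = 50         # DOSSiteCount: hits to any URI allowed per site_interval
    page_interval: int = 1       # DOSPageInterval, seconds
    site_interval: int = 1       # DOSSiteInterval, seconds
    blocking_period: int = 10    # DOSBlockingPeriod, seconds
    hits: dict = field(default_factory=dict)     # key -> (last_seen, count)
    blocked: dict = field(default_factory=dict)  # ip -> time of the last denied request

    def _count(self, key, t, interval):
        """Increment the counter for key; restart it if the previous hit is older than interval."""
        last, n = self.hits.get(key, (t, 0))
        if t - last >= interval:
            n = 0
        self.hits[key] = (t, n + 1)
        return n + 1

    def request(self, ip, uri, t):
        """Return 403 if mod_evasive would deny the request at time t, else 200."""
        if ip in self.blocked and t - self.blocked[ip] < self.blocking_period:
            self.blocked[ip] = t          # a denied request restarts the blocking timer
            return 403
        page_hits = self._count(f"{ip}_{uri}", t, self.page_interval)
        site_hits = self._count(ip, t, self.site_interval)
        if page_hits > self.page_count or site_hits > self.site_count:
            self.blocked[ip] = t
            return 403
        return 200


def replay(cfg, traffic):
    """Feed (seconds, ip, uri) records through the model and return the status codes."""
    return [cfg.request(ip, uri, t) for t, ip, uri in traffic]


# Constructed traffic: 203.0.113.5 bursts on /login; 198.51.100.7 spreads hits over many URIs.
SAMPLE = [
    (0, "203.0.113.5", "/login"), (0, "203.0.113.5", "/login"), (0, "203.0.113.5", "/login"),
    (5, "203.0.113.5", "/index.html"),   # inside the blocking period: denied, timer restarted
    (14, "203.0.113.5", "/index.html"),  # only 9 s since the restart at t=5: still denied
    (30, "203.0.113.5", "/index.html"),  # 16 s of silence: the block has expired
] + [(0, "198.51.100.7", f"/page{i}") for i in range(5)]  # 5 URIs in 1 s vs site_count=4


def demo():
    """Status codes for SAMPLE with DOSPageCount 2 and DOSSiteCount 4."""
    return replay(Evasive(page_count=2, site_count=4), SAMPLE)  # [..., 403, 403, 403, 200, ...]
```

Tune the thresholds against your own access logs with the same replay loop before enabling them in production, so legitimate bursts (assets loaded by one page, AJAX polling) do not trip DOSPageCount.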
Further to this, if you are running a PHP deployment that uses mpm_prefork_module (we use this in one of our project deployments), then the changes below are to be made to that module's config (i.e. /etc/apache2/mods-enabled/mpm_prefork.conf) for mod_evasive to work. mod_evasive keeps its counters in each child process's memory, so children being spawned and recycled keeps resetting them.
Basically, fix the number of server processes to a constant by setting
StartServers = MinSpareServers = MaxSpareServers = {your_magic_number} and set MaxConnectionsPerChild=0, so that no new server processes are spawned and no child processes are recycled, allowing each child to serve an unlimited number of connections.
Finally, restart the Apache service to apply the changes by executing the following command in the terminal: sudo systemctl restart apache2