EA4 - Mod_evasive - Nginx Proxy - Layer 7 DDOS Attacks

[007basaran]

Hello,

Linux CentOS can do DDoS protection settings on any server, but this is not possible in cPanel.

I can activate CSF + Nginx + Mod_evasive with any control panel and provide protection. I tested it.

We use Easyapache 4.

HTTP, GET, POST, HEAD - Protection against DDoS attacks is not possible as far as I know from cPanel.

How to use easyapache4 any mod_evasive or nginx proxy or layer 7ddos protection?

Please help

cPanel is a very good system.

I do not want to give up using cPanel.

Thank you all.

 

[cPanelMichael]

Hello,

No native support exists for the Apache mod_evasive module in EasyApache 4. You would have to build a custom RPM for this module using the guidelines at:

ea4.ninja

I encourage you to open a feature request if it's something you like to see included as an option in EasyApache 4:

Submit A Feature Request

Additionally, you may find this thread helpful if you are open to different solutions:

How to block strange massive traffic flooding the website

Thank you.

 

[007basaran]

How to add mod_evasive ea4?

 

[cPanelMichael]

There's no easy method of installing that module, as you'd need to develop a custom RPM per the URL referenced in the last response. You can find a list of companies offering system administration services at the following URL if you require help with this level of customization:

System Administration Services | cPanel Forums

Thank you.

 

[JacobPerkins]

Hi,

This can be added to EA4 as easily as the following:

 1011  2017-03-01 09:04:56 wget 'https://raw.githubusercontent.com/shivaas/mod_evasive/master/mod_evasive24.c'
 1012  2017-03-01 09:05:00 /usr/bin/apxs -i -a -c mod_evasive24.c
 1013  2017-03-01 09:05:07 less /etc/apache2/conf.modules.d/mod_evasive20.conf
 1014  2017-03-01 09:05:12 /scripts/restartsrv_httpd

 

[007basaran]

Solved.

Thank you Michael and Jacob.

 

[007basaran]

Hello, Jacob

i testing this is not working :/

 

[007basaran]

Hello, All

İnstalling succesfully.

But not activated or not working.

Help please.

 

[cPanelMichael]

Hello @007basaran,

It looks like you were able to address this issue, per your post at:

setting up mod_evasive with easyapache4 on cloudlinux 7

Can you confirm it's now working as intended?

Thank you.

 

[007basaran]

Hello, @cPanelMichael

Installation was done but not working or not active.

I did a GET and POST or HTTP request layer 7 attack to test if it worked.

Attacks must be blocked while mod_evasive is running.

I tested it on a different server.
Attacks on a different server are blocking but, CPanel - is not blocked in EasyApache 4.

Regards.

 

[cPanelMichael]

Hello @007basaran,

Could you try testing with the test.pl file offered on the GitHub repo? It's located at:

mod_evasive/test.pl at master · shivaas/mod_evasive · GitHub

Here's a quote from the README:

TESTING

Want to make sure it's working? Run test.pl, and view the response codes. It's best to run it several times on the same machine as the web server until you get 403 Forbidden messages. Some larger servers with high child counts may require more of a beating than smaller servers before blacklisting addresses.

Please don't use this script to DoS others without their permission.

Thank you.

 

[007basaran]

Test here.

[root@cloud arge]# ./test.pl
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request

 

[007basaran]

Hello michael

How to fix my problem?

 

[cPanelMichael]

Hello @007basaran,

You may want to add configuration values for the Mod_Evasive module, as referenced on the following third-party URL:

mod_evasive on Apache

You may also want to submit an issue to the GitHub of this third-party module at:

Issues · shivaas/mod_evasive · GitHub

Thank you.

 

[007basaran]

Hello,

Your links, only apache 2.4 version supported. I need easyapache 4 :=)

I Submit ticket.

But not helper anyone.

How to install Mod_evasive on easyapache4 ?

Thank you michael.

Regards

 

[cPanelMichael]

Your links, only apache 2.4 version supported. I need easyapache 4 :=)

EasyApache 4 provides Apache 2.4.

I Submit ticket.

But not helper anyone.

Please see the most recent update to the following feature request:

How to install Mod_evasive on easyapache4 ?

Let us know if the issue persists when using the version offered in the EA4 experimental repo.

Thank you.

 

[007basaran]

Hello,

Installing but error ; Screenshot

And not working again.

 

[cPanelMichael]

Hello,

Installing but error ; Screenshot

And not working again.

You'll need to first revert the previous workaround steps you utilized to install the module by removing the /etc/apache2/conf.modules.d/mod_evasive20.conf file.

Thank you.

 

[007basaran]

Hello,

Installing steps mod_evasive for ea4:

yum install ea4-experimental
yum install ea-apache24-mod_evasive

Available any module for Easy Apache4 Listing :
yum --disablerepo="*" --enablerepo="EA4-experimental" list available

Installing complated but mod_evasive not working :

./test.pl
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request

Screenshot

 

[cPanelMichael]

HTTP/1.1 400 Bad Request

This seems more like an issue with the testing script you are using. You can try simulating a dos attack via another method (e.g. the ab utility referenced on this URL).

Thank you.