Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_evasive And Moodle

Discussion in 'EasyApache' started by fmosse, Sep 5, 2018.

  1. fmosse

    fmosse Member

    Joined:
    Jan 6, 2002
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    301
    Hi,

    I have EASY APACHE 4 with Apache 2.4, PHP 5.4, PHP 5.5, PHP 5.6, and PHP 7.0


    I have some sites with Moodle that give random intermitent 403 error while surfing.

    This also happens in some sites in PHP with dozens of images. (Some images, randomly, are not shown... even if I try to enter then directly with the browser, they show 403 error. If I wait some seconds and refresh, they work)

    I have read that it´s related to mod_evasive.

    Can it be suspended or reconfigurated for some domains hosted in my WHM?

    Thanks,
    Francisco
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,770
    Likes Received:
    187
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @fmosse


    Are you sure you have mod_evasive installed? You can check by running the following:

    Code:
    rpm -qa |grep evasive
    There could potentially be other reasons this is occurring, what is your OS? When the issue occurs do you see anything related in
    Code:
    /etc/apache2/logs/error_log
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. fmosse

    fmosse Member

    Joined:
    Jan 6, 2002
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    301

    Hi,

    I have CENTOS 6.10 standard [host] with WHM

    I executed it and I get

    ea-apache24-mod_evasive-1.10.1-4.5.53.cpanel.x86_64

    Thanks,
    Francisco
     
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,770
    Likes Received:
    187
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @fmosse

    Ok, you do definitely have mod_evasive but unfortunately it can't be disabled per VirtualHost. You can read about this in their FAQ here Mod evasive - Atomicorp Wiki

    You could whitelist the offending IP address but because the issue is intermittent it wouldn't be a proactive solution. The only way to stop mod_evasive from doing it's job essentially.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. fmosse

    fmosse Member

    Joined:
    Jan 6, 2002
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    301
    Hi!

    So... what can I do? The only way is to disable the mod_evasive entirely? But this wouldn´t be bad for the server, because it helps to stop DDos attacks?

    Thanks,
    Francisco
     
  6. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,770
    Likes Received:
    187
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @fmosse


    Due to the nature of the module VirtualHost exceptions would completely defeat the purpose. You could make modifications to the point at which it begins blocking by modifying one or several of the following:
    The configuration file to modify is located at
    Code:
    /etc/apache2/conf.d/300-mod_evasive.conf
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. fmosse

    fmosse Member

    Joined:
    Jan 6, 2002
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    301
    Hi,

    Thanks for your reply!

    This configuration will afect all the domain hosted in that server.

    Can I modify this per domain? So for some sites I activate it and for some don´t?

    With is the values that you recommend?

    I have sites that in one page they load 50 images for example and some load and some doesn´t. And if you try to enter one image directly you simply get the 403 error. If you wait some seconds and reresh it loads...

    Thanks,
    Francisco
     
  8. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,770
    Likes Received:
    187
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @fmosse

    As I've mentioned before and is documented in the mod_evasive documentation you cannot modify this per VirtualHost (domain).

    I can't tell you what values to add/change because I don't know your system and the traffic you receive. I would suggest enlisting the assistance of a system administrator to change this if you feel uncomfortable - if you don't have one you might find one here: System Administration Services | cPanel Forums

    You may also want to look at other DDoS mitigation solutions if this doesn't work for you - CSF has some features for this, CDN's like CloudFlare also are solutions some in employ successfully.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice