Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mod_evasive too aggressive

Discussion in 'General Discussion' started by Erel, Dec 1, 2017.

Tags:
  1. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    I've installed mod_evasive on my server.

    I'm trying to increase the limits to allow users to open multiple links at once without being blocked.

    No matter how high I set the limits they are still blocked after a few links.
    I've set 300-mod_evasive.conf to:

    LoadModule evasive24_module modules/mod_evasive24.so

    DOSPageCount 10000
    DOSSiteCount 20000

    The result is still the same. I think that I'm updating the correct file as it did start sending emails after I've added DOSEmailNotify.

    Any clues?
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Could you let us know the specific output to the corresponding log file in the /var/log/apache2/mod_evasive/ directory regarding the blocked access attempt?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    Sorry, I missed your post.

    There are many dos-<ip address> files in that directory. I don't see any log file there.
    The dos file content is a number (pid maybe).
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    My apologies, it looks like the /var/log/apache2/mod_evasive/ directory is for temporary files related to blocked IP addresses as opposed to logs of blocked access attempts. Could you open a support ticket using the link in my signature so we can take a closer look and see why the limits are not working as expected?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    Done. I received this error while creating the ticket:

    WHM Authorization failed with the following error: The server detected that an SSH key for user “xxx” in Ticket ID “9091211” and Server “1” already exists. Run the following cPanel script and refresh your browser: /scripts/updatesupportauthorizations. You may skip this server or correct the problem and try again.

    I haven't ran this script as I don't know where to find it.
     
  6. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    Issue has been resolved with the help of cPanel support.

    I was updating the wrong configuration file.

    The correct one is:
    /etc/apache2/conf.d/300-mod_evasive.conf

    The incorrect one is:
    /etc/apache2/conf.modules.d/300-mod_evasive.conf

    It was confusing as changes to the incorrect one were partially applied. Probably because the correct configuration file overrides the settings.
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,440
    Likes Received:
    416
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    I guess that the docs should be updated...
     
    Infopro likes this.
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,440
    Likes Received:
    416
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Could I have the ticket ID for your ticket about this?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. Erel

    Erel Active Member

    Joined:
    Jul 23, 2007
    Messages:
    29
    Likes Received:
    2
    Trophy Points:
    53
    Sure: 9091211
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,440
    Likes Received:
    416
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thank you!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    I've opened a case with our Documentation Team (DOC-9944) to have the correct path reflected in our documentation.

    Thanks!

    Update: The change was implemented and should be published in the near future.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice