Erel

Active Member
Jul 23, 2007
29
2
53
I've installed mod_evasive on my server.

I'm trying to increase the limits to allow users to open multiple links at once without being blocked.

No matter how high I set the limits they are still blocked after a few links.
I've set 300-mod_evasive.conf to:

LoadModule evasive24_module modules/mod_evasive24.so

DOSPageCount 10000
DOSSiteCount 20000

The result is still the same. I think that I'm updating the correct file as it did start sending emails after I've added DOSEmailNotify.

Any clues?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

Could you let us know the specific output to the corresponding log file in the /var/log/apache2/mod_evasive/ directory regarding the blocked access attempt?

Thank you.
 

Erel

Active Member
Jul 23, 2007
29
2
53
Sorry, I missed your post.

There are many dos-<ip address> files in that directory. I don't see any log file there.
The dos file content is a number (pid maybe).
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

My apologies, it looks like the /var/log/apache2/mod_evasive/ directory is for temporary files related to blocked IP addresses as opposed to logs of blocked access attempts. Could you open a support ticket using the link in my signature so we can take a closer look and see why the limits are not working as expected?

Thank you.
 

Erel

Active Member
Jul 23, 2007
29
2
53
Done. I received this error while creating the ticket:

WHM Authorization failed with the following error: The server detected that an SSH key for user “xxx” in Ticket ID “9091211” and Server “1” already exists. Run the following cPanel script and refresh your browser: /scripts/updatesupportauthorizations. You may skip this server or correct the problem and try again.

I haven't ran this script as I don't know where to find it.
 

Erel

Active Member
Jul 23, 2007
29
2
53
Issue has been resolved with the help of cPanel support.

I was updating the wrong configuration file.

The correct one is:
/etc/apache2/conf.d/300-mod_evasive.conf

The incorrect one is:
/etc/apache2/conf.modules.d/300-mod_evasive.conf

It was confusing as changes to the incorrect one were partially applied. Probably because the correct configuration file overrides the settings.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

I've opened a case with our Documentation Team (DOC-9944) to have the correct path reflected in our documentation.

Thanks!

Update: The change was implemented and should be published in the near future.
 

Kent Brockman

Well-Known Member
PartnerNOC
Jan 20, 2008
1,272
63
178
Buenos Aires, Argentina
cPanel Access Level
Root Administrator
Hello, thanks for this thread, I was able to configure mod_evasive.

Still, I have to concerns regarding this module:
1) Can I be sure that settings within its configuration file (/etc/apache2/conf.d/300-mod_evasive.conf) won't be ovrwritten by any other cPanel process?
2) May these settings be added using any of the Include Editor present in WHM > Apache Configuration? And if so, what editor would you recommend? Pre Main Include, Pre Virtual Host Include or Post Virtual Host Include?

Thanks!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
1) Can I be sure that settings within its configuration file (/etc/apache2/conf.d/300-mod_evasive.conf) won't be ovrwritten by any other cPanel process?
2) May these settings be added using any of the Include Editor present in WHM > Apache Configuration? And if so, what editor would you recommend? Pre Main Include, Pre Virtual Host Include or Post Virtual Host Include?
Hello @Kent Brockman,

I recommend continuing to make changes to the settings via edits to the /etc/apache2/conf.d/300-mod_evasive.conf file as opposed to using WHM >> Home >> Service Configuration >> Apache Configuration >> Include Editor. The is the file we expect administrators to use when editing the Mod_Evasive settings and it's reflected on the document below:


The entries in this file are preserved through updates.

Thank you.