mod_evasive

Lucas · Jun 6, 2008

Well, I have managed to successfully install mod_evasive, but I see IPs getting blocked without DDoS attack... The server is new, just a couple of clients being hosted and I haven't been DDoSed yet, thankfully. Shouldn't it only block if there is an attack? I guess I would have to play around with the settings and make them less sensitive?

I currently have:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify root
</IfModule>

Edit: I am now trying the following

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify root
</IfModule>

Lucas · Jun 23, 2008

Nobody? This is quiet a nice application but it really needs careful configuration.

Infopro · Jun 23, 2008

Shouldn't it only block if there is an attack?

Not necessarily, if you use the wrong settings you might find just clicking around a site can block a user if they do it enough. You'll have to find a comfort zone that works for you.

Lots of old threads around on this topic, like this one.
http://forums.cpanel.net/showthread.php?p=306993&highlight=DOSBlockingPeriod#post306993

Thread starter	Similar threads	Forum	Replies	Date
L	Utilizando mod_evasive para los ataques DDOS	Web Servers and Applications	1	May 23, 2023
S	Disable mod_evasive for single site?	Web Servers and Applications	3	Jul 26, 2021
J	Exclude mod_evasive for specified domain	Web Servers and Applications	3	Mar 28, 2021
F	mod_evasive And Moodle	Web Servers and Applications	7	Sep 5, 2018
E	mod_evasive too aggressive	Web Servers and Applications	14	Dec 1, 2017

Search

Search

mod_evasive

Lucas

Well-Known Member

Lucas

Well-Known Member

Infopro

Well-Known Member