Need some httpd.conf advice for mod_evasive

Discussion in 'General Discussion' started by Optrosk, May 6, 2009.

  1. Optrosk

    Optrosk Registered

    Joined:
    Mar 13, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    51
    Hi,

    I have installed mod_evasive and need to insert some lines into /etc/httpd/conf/httpd.conf file. I have seen so many different methods so I'm unsure of the exact method which is relevant for my server.

    The readme file for mod_evasive says that I need to add this to the httpd.conf for APACHE v2.0 (I'm using 2.2):

    Code:
    <IfModule mod_evasive20.c>
        DOSHashTableSize    3097
        DOSPageCount        2
        DOSSiteCount        50
        DOSPageInterval     1
        DOSSiteInterval     1
        DOSBlockingPeriod   10
    </IfModule>
    I was wondering if I should use the Apache Configuration or just edit the file manually. If I need to edit it manually I really don't know where exactly in the file I have to insert it :eek:

    But if I do it in cPanel/WHM do I need to insert it in the "Pre VirtualHost Include" in Apache Configuration? :eek:


    Two other questions for the mod_evasive lines in httpd.conf:

    1. Would you recommend setting the DOSBlockingPeriod higher?

    2. Would you recommend the:

    DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"

    Do I need to adjust something in this command?
     
  2. CaMer0n

    CaMer0n Well-Known Member

    Joined:
    Nov 8, 2004
    Messages:
    57
    Likes Received:
    0
    Trophy Points:
    156
    I would like to know how to do this also.
     
  3. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    8
    Trophy Points:
    193
    That is really a matter of choice.

    I myself inserted it on a lot of servers just before the <Directory /> section
    in the main httpd.conf file at /usr/local/apache/bin and ran the update script.

    No, the default 10 seconds is plenty enough and in fact I might even
    consider lowering it a bit because that time resets if you attempt to
    make any connection during the time you are blocked.

    Subsequently, any attacks where you have a high amount of rapid repeating
    connection attempts, those IPs would just keep themselves locked out!

    If you have a firm understanding of IP tables and / or linking up to other
    firewall applications, then this is of course a useful additional feature.

    If you do not understand it well enough, I would advise not attempting
    to try to set this up. Mod_Evasive's internal blocking is generally more
    than sufficient for most general flood type attacks.
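
Added example, not part of the thread and not mod_evasive's own code: a simplified Python model of the per-page threshold and blocking timer, using the directive values from the first post, to show how attempts made during a block keep an address locked out, as the reply above describes. The client address, URI and request times are constructed, and the exact counting rule is an assumption of the model.

```python
# Simplified model of the blocking behaviour described in the reply above.
# It is not mod_evasive's source; the real module also tracks DOSSiteCount.
from dataclasses import dataclass, field


@dataclass
class EvasiveModel:
    page_count: int = 2          # DOSPageCount from the thread
    page_interval: float = 1     # DOSPageInterval, seconds
    blocking_period: float = 10  # DOSBlockingPeriod, seconds
    hits: dict = field(default_factory=dict)     # (ip, uri) -> [window start, count]
    blocked: dict = field(default_factory=dict)  # ip -> time of last denied request

    def request(self, ip, uri, now):
        """Return 403 if the request is denied, otherwise 200."""
        last_denied = self.blocked.get(ip)
        if last_denied is not None and now - last_denied < self.blocking_period:
            self.blocked[ip] = now  # every attempt while blocked restarts the timer
            return 403
        entry = self.hits.get((ip, uri))
        if entry is None or now - entry[0] >= self.page_interval:
            entry = self.hits[(ip, uri)] = [now, 0]  # start a new counting window
        entry[1] += 1
        if entry[1] > self.page_count:
            self.blocked[ip] = now  # threshold exceeded: start blocking this IP
            return 403
        return 200


def replay(model, ip, uri, times):
    """Feed constructed request timestamps (seconds) through the model."""
    return [model.request(ip, uri, t) for t in times]


# Constructed sample traffic: a burst of three hits, then a retry every 5 s.
CLIENT = "192.0.2.10"  # documentation address, not from the thread
BURST_THEN_RETRY = [0, 0.25, 0.5, 5, 10, 15, 20]

if __name__ == "__main__":
    # Default 10 s block: the 5 s retries keep resetting the timer.
    print(replay(EvasiveModel(), CLIENT, "/index.php", BURST_THEN_RETRY))
    # A client that stays quiet for the whole period is served again.
    print(replay(EvasiveModel(), CLIENT, "/index.php", [0, 0.25, 0.5, 11]))
    # A 3 s block expires between the 5 s retries.
    print(replay(EvasiveModel(blocking_period=3), CLIENT, "/index.php", BURST_THEN_RETRY))
```
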
     