The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need some httpd.conf advice for mod_evasive

Discussion in 'General Discussion' started by Optrosk, May 6, 2009.

  1. Optrosk

    Optrosk Registered

    Joined:
    Mar 13, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    I have installed mod_evasive and need to insert some lines into /etc/httpd/conf/httpd.conf file. I have seen so many different methods so I'm unsure of the exact method which is relevant for my server.

    The readme file for mod_evasive says that I need to add this to the httpd.conf for APACHE v2.0 (I'm using 2.2):

    Code:
    <IfModule mod_evasive20.c>
        DOSHashTableSize    3097
        DOSPageCount        2
        DOSSiteCount        50
        DOSPageInterval     1
        DOSSiteInterval     1
        DOSBlockingPeriod   10
    </IfModule>
    I was wondering if I should use the Apache Configuration or just edit the file manually. If I need to edit it manually I really don't know where exactly in the file I have to insert it :eek:

    But if I do it in cPanel/WHM do I need to insert it in the "Pre VirtualHost Include" in Apache Configuration? :eek:


    Two other questions for the mod_evasive lines in httpd.conf:

    1. Would you recommend to set the DOSBlockingPeriod higher?

    2. would you recommend the:

    DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"

    Do I need to adjust something in this command?
     
  2. CaMer0n

    CaMer0n Well-Known Member

    Joined:
    Nov 8, 2004
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    I would like to know how to do this also.
     
  3. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    That is really a matter of choice.

    I myself inserted it on a lot of servers just before the <Directory /> section
    in the main httpd.conf file at /usr/local/apache/bin and ran the update script

    No, the default 10 seconds is plenty enough and in fact I might even
    consider lowering it a bit because that time resets if you attempt to
    make any connection during the time you are blocked.

    Subsequently, any attacks where you have a high amount of rapid repeating
    connection attempts, those IPs would just keep themselves locked out!

    If you have a firm understanding of IP tables and / or linking up to other
    firewall applications, then this is of course a useful additional feature.

    If you do not understand it well enough, I would advice not attempting
    to try to set this up. Mod_Evasive's internal blocking is generally more
    than sufficient for most general flood type attacks.
     
Loading...

Share This Page