mod_evasive on Apache2: setup notes (Ubuntu, Debian)

MOD_EVASIVE provides evasive maneuvers to apache in case of a DoS attack ... tara tara ... read the README if you are looking for this kind of read.

I think that it is a great piece of software for poor webmasters.

Install mod_evasive
$sudo -s
#apt-get install libapache2-mod-evasive

The mailer program is set to /bin/mail in the source. This has not changed in the Ubuntu sources. You can change the MAILER definition in the source and reinstall,
#grep MAILER mod_evasive20.c |grep define
#define MAILER "/bin/mail %s"

or just make /bin/mail a symbolic link to sendmail.
#ln -s `which sendmail` /bin/mail

Create the tmp locking directory
#mkdir /var/lock/mod_evasive
#chown www-data:www-data /var/lock/mod_evasive

Create my bad IP list directory
#mkdir /var/log/mod_evasive
#chown www-data:www-data /var/log/mod_evasive

Now, let's change the default mod_evasive settings by adding the following to httpd.conf.
#cat /etc/apache2/httpd.conf 
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
# nodes per child; must be prime (values are tiered up to the next prime), next tier is 6151

    DOSPageCount        2
# requests; threshold of requests for the same URI per DOSPageInterval

    DOSSiteCount        50
# requests; threshold of requests for any object by the same client on the same listener per DOSSiteInterval

    DOSPageInterval     1

    DOSSiteInterval     1

    DOSBlockingPeriod   60
# seconds; default is 10. It does not need to be large, since during a DoS it is reset on every subsequent request.

    DOSEmailNotify      root@localhost
    DOSSystemCommand    "echo  '%s' >> /var/log/mod_evasive/ip;"

    DOSLogDir           "/var/lock/mod_evasive"
# lock dir
</IfModule>


Restart Apache
#/etc/init.d/apache2 restart

Cool, now each villain IP address gets 403s while it is DoSing, it is logged once in /var/log/mod_evasive/ip, and root gets one email from Apache with the title "HTTP BLACKLIST".
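
To review what the DOSSystemCommand above has collected, here is an added example (not part of mod_evasive or of the original notes) that validates every line of the IP list and counts how often each address appears. It assumes one IPv4 address per line; the function names and the sample addresses are made up for the illustration.

```shell
#!/bin/sh
# Added example: summarise the list written by
#   DOSSystemCommand "echo '%s' >> /var/log/mod_evasive/ip;"
# Assumption: one IPv4 address per line; anything else is skipped.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# blocked_summary FILE: print "COUNT IP", most frequent first.
# Rejected lines go to stderr so they never reach the summary.
blocked_summary() {
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$addr" ] || continue
        if is_ipv4 "$addr"; then
            printf '%s\n' "$addr"
        else
            printf 'skipped (not IPv4): %s\n' "$line" >&2
        fi
    done < "$1" | LC_ALL=C sort | uniq -c | LC_ALL=C sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'
}

# Run on the file given as $1, or on constructed sample lines if none is given.
if [ "$#" -gt 0 ]; then
    blocked_summary "$1"
else
    sample=$(mktemp)
    printf '%s\n' 203.0.113.7 198.51.100.23 203.0.113.7 999.1.1.1 > "$sample"
    blocked_summary "$sample"
    rm -f "$sample"
fi
```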

