Some server administrators USE mod_evasive to protect against attacks hosting servers which they manage. The Apache module, mod_evasive is a good solution to respinge requestRepeated webserver from an IP in a very short period of time. It's a good protection anti flood.
The worse side is like sometimes mod_evasive becomes a problem when the rate of indexing in search engines For a site it is very large. Requests of indexing boots, especially Yahoo! Slurp, are confused many times with attacks on the webserver And inevitably mod_evasive will block the access of the boots to the server and default to the sites. From experience I can tell you that Yahoo! It really makes Flood. There were cases when Yahoo! He used more band than 1000 visitors.
Not only indexing robots can fall “victim” of this Apache module, but also the visitors who have a weak internet connection (Due to the prolonged Request, access will be blocked) or that clicks on web pages in very small time intervals.
May 17 10:51:42 server mod_evasive[2185]: Blacklisting address 188.24.*.*: possible DoS attack.
Disabling mod_evasive on Apache/2.2.9 (UNIX).
1. First of all we have to log in the administrator at the hosting server. Via SSH For remote or direct servers from the console if we have the server close to us.
2. We go to the directory where it is located httpd.conf. Is normally in “cd /etc/httpd/conf” and “cd /usr/local/apache/conf“. We do not start to change anything until we make a backup file (backup) of httpd.conf.
3. We open edit httpd.conf. We are looking for the line: “AddModule mod_evasive.c” and we change it with “#AddModule mod_evasive.c“. “#” Put in front of an command line, leads to its cancellation. In some cases, in httpd.conf instead of the above line we find “LoadModule evasive_module libexex/mod_evasive” or “Include conf/mod_evasive20.conf“. We cancel these lines and to make sure that there is nothing more from mod_evasive in httpd.conf, we give a search after “evasive”.
4. We stay in the folder “conf” and we identify the file mod_evasive2020.conf or mod_evasive.conf. We make a backup of this file and then we delete its contents. An even simpler solution would be renaming the file in mod_evasive.conf in mod_evasive.conf.old.
5. Restart Apache Web Server.
Send Mail Setup for mod_evasive actions via SSH (Putty) – link .
