Symptoms
When accessing specific web applications, like WordPress plugins, and Apache's Evasive module (mod_evasive) is enabled, you receive a 403 error. An error similar to the following will logged in the Apache error log.
[Mon Aug 31 14:09:35.716705 2020] [:error] [pid 51546] [client 203.0.113.2:55730] client denied by server configuration: /home/cpanelusername/public_html/wp-admin/admin-ajax.php, referer: https://www.domain.tld/pagename.php
Description
Some web applications can perform multiple requests within a few seconds, which would trigger the default settings in Mod Evasive, resulting in errors.
Workaround
- Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
- Open the Evasive configuration file, /etc/apache2/conf.d/300-mod_evasive.conf, in your preferred text editor.
- If a single user needs access to the application, add a
DOSWhitelistentry after the<IfModule mod_evasive24.c>line for the client IP address listed in the Apache error log.<IfModule mod_evasive24.c>
DOSWhitelist 203.0.113.2 - If many users need to access the application, increase the
DOSPageCountvalue.# This is the threshhold for the number of requests for the same page (or
# URI) per page interval. Once the threshhold for that interval has been
# exceeded, the IP address of the client will be added to the blocking
# list.
DOSPageCount 4
- If a single user needs access to the application, add a
- Save the changes and exit the text editor.
- Rebuild the Apache configuration.
/usr/local/cpanel/scripts/rebuildhttpdconf
- Restart Apache.
/usr/local/cpanel/scripts/restartsrv_httpd