mod_evasive and WordPress
Just a heads up for anyone thinking of installing mod_evasive (using EasyApache) on a server running WordPress.
I saw the news this week that mod_evasive was available to install using EasyApache, so I gave it a try. All seemed good for a day or so, until I needed to do some edits in the backend of WordPress (wp-admin). Firstly, images stopped appearing, then I got blocked completely with 403 Forbidden. I was locked out of the server. Suspecting the newly installed mod_evasive module as the cause, I then accessed the server using another IP and managed to uninstall it. On checking the logs, I noticed that mod_evasive had indeed locked me out.
When this happened, I was editing a table with over 1000 rows, so I guess the large number of requests is what triggered the mod_evasive protection. I have searched quite a bit and can't find any decent suggestions for safe config defaults that would suit most WordPress usage.
There is discussion online as to whether mod_evasive is of any real help when under a DoS attack; most say that only a hardware solution can do the job.
Hello, I'll leave this thread open for user feedback; however, I did want to note that we recently published a new blog with some general background information on mod_evasive: "Blocking attacks with EasyApache 4's mod_evasive" (cPanel Blog). Additionally, we document the module at: "Apache Module: Evasive - EasyApache 4" (cPanel Documentation). Thank you.
I feel at this time it is giving too many false blocks. The problem appears to occur when you have the server set to use HTTP2 and mod_mpm_event and use a compatible browser like Chrome or FF, which by design use multiple simultaneous connections, which mod_evasive appears to see as DDoS attacks and blocks when they are genuine connections. I have removed mod_evasive because it is blocking too many genuine connections on my server. I only had it installed for less than 1 hour and monitored carefully.
Thanks cPanelMichael. I too use mod_http2 + mod_mpm_event.
Hello, recently we installed mod_evasive for DoS protection on our server, but we have an issue with client access. The error_log shows "client denied by server configuration" in most cases when clients access WordPress admin or the OpenCart app. The configuration that we set for mod_evasive is:
    DOSHashTableSize 3097
    DOSPageCount 50
    DOSSiteCount 150
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 3600
Clients say that they can't post in WordPress, and the admin part of OpenCart, for example, doesn't load completely. Kind regards.
Hi @Ajdin, I've merged your post with this thread. Thank you.
Hi, can anybody use mod_evasive with http2 and mpm_event? Thanks
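An added example, not part of the thread and not mod_evasive's own code: a simplified replay model of the per-URI and per-client hit counters, run with the DOSPageCount/DOSSiteCount values posted above, for checking candidate thresholds against request data before turning blocking on. The counting logic is an assumption about how the module counts, and the sample requests, IP address and function names are constructed.

```python
from collections import defaultdict

# Thresholds from the configuration posted in this thread.
THREAD_CONFIG = {"DOSPageCount": 50, "DOSSiteCount": 150,
                 "DOSPageInterval": 1, "DOSSiteInterval": 1}

# Constructed sample: one admin client (documentation IP) loading an
# image-heavy wp-admin screen, every request landing in the same second.
ADMIN_BURST = [(1000, "203.0.113.10", "/wp-admin/post.php")] + [
    (1000, "203.0.113.10", f"/wp-content/uploads/img-{i}.png")
    for i in range(160)]

def first_block(requests, cfg):
    """Replay (epoch_second, ip, uri) tuples in order and return the first
    request the model would refuse as (second, ip, counter), else None."""
    state = {}  # counter key -> [last_seen_second, hits]

    def hit(key, now, interval, limit):
        entry = state.setdefault(key, [now, 0])
        over = now - entry[0] < interval and entry[1] >= limit
        if now - entry[0] >= interval:
            entry[1] = 0  # quiet for a full interval: start counting again
        entry[0] = now
        entry[1] += 1
        return over

    for now, ip, uri in requests:
        if hit((ip, uri), now, cfg["DOSPageInterval"], cfg["DOSPageCount"]):
            return (now, ip, "page")
        if hit((ip,), now, cfg["DOSSiteInterval"], cfg["DOSSiteCount"]):
            return (now, ip, "site")
    return None

def peak_rates(requests):
    """Highest per-second request count seen for one (ip, uri) and for one
    ip: the numbers the page and site thresholds have to clear."""
    page, site = defaultdict(int), defaultdict(int)
    for now, ip, uri in requests:
        page[(now, ip, uri)] += 1
        site[(now, ip)] += 1
    return max(page.values(), default=0), max(site.values(), default=0)

if __name__ == "__main__":
    print(first_block(ADMIN_BURST, THREAD_CONFIG), peak_rates(ADMIN_BURST))
```

Feeding it (second, client IP, URI) tuples parsed from a real access log shows which legitimate clients a given pair of thresholds would have refused.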