mod_evasive too aggressive
I've installed mod_evasive on my server.
I'm trying to increase the limits to allow users to open multiple links at once without being blocked.
No matter how high I set the limits they are still blocked after a few links.
I've set 300-mod_evasive.conf to:
LoadModule evasive24_module modules/mod_evasive24.so
DOSPageCount 10000
DOSSiteCount 20000
The result is still the same. I think that I'm updating the correct file as it did start sending emails after I've added DOSEmailNotify.
Any clues?
-
Hello, Could you let us know the specific output to the corresponding log file in the /var/log/apache2/mod_evasive/ directory regarding the blocked access attempt? Thank you. 0 -
Sorry, I missed your post. There are many dos- files in that directory. I don't see any log file there. The dos file content is a number (pid maybe). 0 -
Hello, My apologies, it looks like the /var/log/apache2/mod_evasive/ directory is for temporary files related to blocked IP addresses as opposed to logs of blocked access attempts. Could you open a support ticket using the link in my signature so we can take a closer look and see why the limits are not working as expected? Thank you. 0 -
Done. I received this error while creating the ticket: WHM Authorization failed with the following error: The server detected that an SSH key for user "xxx" in Ticket ID "9091211" and Server "1" already exists. Run the following cPanel script and refresh your browser: /scripts/updatesupportauthorizations. You may skip this server or correct the problem and try again. I haven't ran this script as I don't know where to find it. 0 -
Issue has been resolved with the help of cPanel support. I was updating the wrong configuration file. The correct one is: /etc/apache2/conf.d/300-mod_evasive.conf The incorrect one is: /etc/apache2/conf.modules.d/300-mod_evasive.conf It was confusing as changes to the incorrect one were partially applied. Probably because the correct configuration file overrides the settings. 0 -
The incorrect one is: /etc/apache2/conf.modules.d/300-mod_evasive.conf
The docs suggest this is correct: Apache Module: Evasive - EasyApache 4 - cPanel Documentation0 -
I guess that the docs should be updated... 0 -
Could I have the ticket ID for your ticket about this? 0 -
Sure: 9091211 0 -
Thank you! 0 -
Hello, I've opened a case with our Documentation Team (DOC-9944) to have the correct path reflected in our documentation. Thanks! Update: The change was implemented and should be published in the near future. 0 -
Hello, thanks for this thread, I was able to configure mod_evasive. Still, I have to concerns regarding this module: 1) Can I be sure that settings within its configuration file (/etc/apache2/conf.d/300-mod_evasive.conf) won't be ovrwritten by any other cPanel process? 2) May these settings be added using any of the Include Editor present in WHM > Apache Configuration? And if so, what editor would you recommend? Pre Main Include, Pre Virtual Host Include or Post Virtual Host Include? Thanks! 0 -
1) Can I be sure that settings within its configuration file (/etc/apache2/conf.d/300-mod_evasive.conf) won't be ovrwritten by any other cPanel process? 2) May these settings be added using any of the Include Editor present in WHM > Apache Configuration? And if so, what editor would you recommend? Pre Main Include, Pre Virtual Host Include or Post Virtual Host Include?
Hello @Kent Brockman, I recommend continuing to make changes to the settings via edits to the /etc/apache2/conf.d/300-mod_evasive.conf file as opposed to using WHM >> Home >> Service Configuration >> Apache Configuration >> Include Editor. The is the file we expect administrators to use when editing the Mod_Evasive settings and it's reflected on the document below:0 -
Great, thanks @cPanelMichael for the clarification. Best regards. 0
Please sign in to leave a comment.
Comments
14 comments