Apache24 / mod_evasive issue / DOSWhitelist not working?
I installed mod_evasvie on my server the other day. I have a nodejs script that runs on some accounts on the same server that "spiders" the site to generate a sitemap.xml file. The script is crude and runs quite aggressively. The rate at which it makes requests are outside of the bands of acceptable ranges for the default configuration of mod_evasive.
That being said, the EA4 provision created two files in the /etc/apache2/conf.d/ directory named:
300-mod_evasive.conf and 300-mod_evasive_local_ips.conf
When I run my site map script manually, I see errors pop up in the apache error log when mod_evasive blocks the requests:
[Wed Sep 18 16:11:06.599085 2024] [:error] [pid 3180144:tid 3180182] [client <ip-omitted>:60768] client denied by server configuration: /path/to/requested/file
The problem is, the ip address that I omitted from the error log is listed in the file "300-mod_evasive_local_ips.conf" as "DOSWhitelist <ip-address>".
At first I thought the issue was that config file might not be read, so I added that DOSWhitelist command to the main configuration at the bottom and restarted apache.
This also had no effect and the spider script continued to be blocked by mod_evasive.
I then increased the "limits" in the main configuration file as a test to 2000% the current set limits, restarted apache and the errors continued.
Finally, I uninstalled mod_evasive and the problem went away immediately.
At this point I'm not even sure the configuration file generated is having any affect on the actual settings of mod_evasive.
I noticed that the both configs have their data wrapped in an "<IfModule mod_evasive24.c>" directive, and I wonder if that is the correct module name to be using for this as that would explain why the configuration is not being processed by apache if so.
Anyone have any thoughts on this? I would like to re-install it but I cannot if it's going to block it's own IP addresses...
-
Hey there! This is one of those "it should just work" type of things as we tell people to do exactly what you did in our documentation here:
https://docs.cpanel.net/ea4/apache/apache-modules/apache-module-evasive/#configuration-directives
Could you create a ticket so this can be investigated?
0 -
I would absolutely love to create a ticket, but since we lease our server and have our CPanel license through a 3rd party I can no longer create a ticket directly :(
I guess I will create a ticket with my provider and reference this post and see if they can work it out with you guys.
Thanks!
0 -
For sure - and then if they need to escalate the issue to us they can!
0 -
I just want to follow up here because I feel like I'm really spinning my wheels having to go through my reseller to report this bug.
My reseller opened a ticket with cPanel and it was suggested by cPanel that the IP in question was on the mod_evasive block list which overrules the white list and that to fix the issue we simply needed to remove the IP from the block list.
The problem is that the IP in question is assigned to the server that is blocking it. When EA4 installed mod_evasive it automatically detected all the IP addresses assigned to the server and preset the whitelist to include ALL of those IPs from the beginning (including the IP in question). Therefore, what cPanel is suggesting is literally IMPOSSIBLE because if the whitelist in mod_evasive was actually working, then there would be no possible way for this IP address to end up on the block list in the first place.
That being said, my reseller removed the IP from the block list. The whitelist shows the IP is present in the config. I ran my script and then mod_evasive blocked it again.
There is something wrong with either mod_evasive itself, or the way the EA4 configuration is defined that is somehow allowing it to block IPs defined in the white list configuration.
I want cPanel to confirm there is an issue (they have been permitted to sign into my server via my ticket with my reseller already), and then figure out if the issue is with your EA4 stuff, or with mod_evasive itself, and if the ticket needs to be escalated to the mod_evasive developers than so be it.
There is something not right with this.
0 -
Do you have that ticket number? It should start with 95xxxxx
0 -
Unfortunately a ticket number was not included when they replied to me with what was said by your team. I updated my ticket to ask for it so if I am able to get it, I will pass it along.
In the interim, I can tell you that my ticket number with my reseller is 20340129 and my reseller is Liquid Web, if that helps at all.
0 -
Unfortunately that doesn't help me as I can't see into their system to get that number.
I will say, if they made a ticket with us, we're on it and we'll either get things working or make a case with our developers to get things adjusted.
0
Please sign in to leave a comment.
Comments
7 comments