Vahid
August 6th, 2008, 02:54
How to remove or disable mod_evasive from Apache Web Server?
Quite a few web server administrators have mod_evasive installed to protect the servers they are responsible for. Mod_evasive is one way to stop several kind of attacks on a server. This apache module will help protect against computers sending too many requests to a webserver in a short period of time in an attempt to flood it with traffic and to make it unreachable that way.
However - sometimes mod_evasive can be a problem for a server itself. If not fine-tuned for a specific server, the rules can cause more damage to a server than providing protection. Search engines as an example tend to hit a website pretty hard and pretty fast in a short period of time to index it. Usually this does not cause server problems, but if mod_evasive is running with not very fine-tuned rules, it can consider a search engine as an attacker and then block the search engine from spidering a website.
One option is to install mod_evasive on a server, but not to turn it on by default. A webmaster can decide to have it just ready to go in case the server gets attacked. Mod_evasive would be installed on a server and then disabled. Here is how to do just that:
1) SSH into the web server as root and switch directories to get access to the httpd.conf file. Usually this can be done by going to "cd /etc/httpd/conf" or by going to "cd /usr/local/apache/conf"
2) Make a backup of the httpd.conf file. Now open httpd.conf and disable the lines that mention mod_evasive. This will probably be in two places. Example:
change "LoadModule evasive_module libexex/mod_evasive" to "#LoadModule evasive_module libexex/mod_evasive"
and
change "AddModule mod_evasive.c" to "#AddModule mod_evasive.c"
3) Now with in the "conf" folder open the "mod_evasive.conf" and either delete the content (make a backup first) or rename the file to "mod_evasive.conf.old". Renaming to something other is the preferred way as it will easily allow you to turn it back on in a matter of seconds by renaming the file and by enabling the 2 lines in the httpd.conf file.
4) Restart Apache webserver and test your website. Mod_evasive is now disabled.
Quite a few web server administrators have mod_evasive installed to protect the servers they are responsible for. Mod_evasive is one way to stop several kind of attacks on a server. This apache module will help protect against computers sending too many requests to a webserver in a short period of time in an attempt to flood it with traffic and to make it unreachable that way.
However - sometimes mod_evasive can be a problem for a server itself. If not fine-tuned for a specific server, the rules can cause more damage to a server than providing protection. Search engines as an example tend to hit a website pretty hard and pretty fast in a short period of time to index it. Usually this does not cause server problems, but if mod_evasive is running with not very fine-tuned rules, it can consider a search engine as an attacker and then block the search engine from spidering a website.
One option is to install mod_evasive on a server, but not to turn it on by default. A webmaster can decide to have it just ready to go in case the server gets attacked. Mod_evasive would be installed on a server and then disabled. Here is how to do just that:
1) SSH into the web server as root and switch directories to get access to the httpd.conf file. Usually this can be done by going to "cd /etc/httpd/conf" or by going to "cd /usr/local/apache/conf"
2) Make a backup of the httpd.conf file. Now open httpd.conf and disable the lines that mention mod_evasive. This will probably be in two places. Example:
change "LoadModule evasive_module libexex/mod_evasive" to "#LoadModule evasive_module libexex/mod_evasive"
and
change "AddModule mod_evasive.c" to "#AddModule mod_evasive.c"
3) Now with in the "conf" folder open the "mod_evasive.conf" and either delete the content (make a backup first) or rename the file to "mod_evasive.conf.old". Renaming to something other is the preferred way as it will easily allow you to turn it back on in a matter of seconds by renaming the file and by enabling the 2 lines in the httpd.conf file.
4) Restart Apache webserver and test your website. Mod_evasive is now disabled.