
Configure Mod Evasive

Hands-On Lab

 


Training Architect

Length

00:45:00

Difficulty

Intermediate

The goal of this lab is to configure the mod_evasive module for the Apache web server. First, we install and load mod_evasive. Its installation includes a default configuration file with values we can modify. One value to configure is how many times a person can reload our site before they are denied.

The conditions of the lab include the following:

  * firewalld is already running.
  * SSH is on port 61613, which we need to connect to the server.
  * Apache is running on port 80.
  * Port 80 is already open.
  * SELinux is in enforcing mode.
  * The front end and back end are both up and running.
  * The back end is running on port 65535.



Introduction

Web servers are subject to DoS and DDoS attacks. If the attackers have sufficient bandwidth, there is sometimes little or nothing we can do to stop them. Most of the time, though, we can put a set of countermeasures in place ahead of time to prevent DoS attacks, DDoS attacks, and web scraping. For this purpose, we install and load mod_evasive. It can limit how many times the site can be accessed within a predefined time interval, how many times a specific URI can be accessed within a given time interval, and much more.

Connecting to the Lab

  1. Begin by logging in to the lab server using the credentials provided on the hands-on lab page.

    ssh cloud_user@PUBLIC_IP_ADDRESS -p 61613

Install mod_evasive

  1. Install mod_evasive.

    sudo yum install mod_evasive

Inform Apache of the New Module

  1. Open the configuration file.

    sudo vim /etc/httpd/conf/httpd.conf
  2. Run a search for "conf.d".

  3. Verify the configuration file has the following line.

    IncludeOptional conf.d/*.conf
  4. If any changes were made, save the file. Then exit the editor.

  5. Change directories.

    cd /etc/httpd/conf.d/
  6. Verify the existence of the mod_evasive.conf file.

    ls

Reduce DOSSiteCount

  1. Edit the mod_evasive configuration file.

    sudo vim mod_evasive.conf
  2. Find the entry for DOSSiteCount and reduce its value to 40.

  3. Save the changes and exit the editor.

Test the Configuration

  1. Open a browser and navigate to the public IP address of the server. The full address should be PUBLIC_IP/index.html.

  2. Reload the page multiple times. Verify the page still loads.

  3. Return to the console and apply the configuration file.

    sudo systemctl restart httpd
  4. Navigate back to the website and continue reloading the page until access is denied.
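
The same check can be run from a console instead of a browser. The script below is an added example, not part of the original lab: it reads the DOSSiteCount value that is actually set in mod_evasive.conf and then repeats the reload test with curl. The function names are hypothetical, and it assumes denied requests are answered with 403 Forbidden, mod_evasive's default response, which the lab does not state.

```shell
#!/bin/sh
# Added example, not part of the lab. Function names are hypothetical.
# Usage: sh check_evasive.sh /etc/httpd/conf.d/mod_evasive.conf http://PUBLIC_IP_ADDRESS/index.html

# Print the value of DIRECTIVE as set in an Apache config FILE.
# Comment lines are skipped, names compare case-insensitively, and the
# last uncommented occurrence is reported. Exit status 1 if it is not set.
evasive_directive() {   # evasive_directive FILE DIRECTIVE
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(want) { val = $2; found = 1 }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Request URL up to MAX times, one after another, and print the number of
# the first request answered with 403 (assumed: mod_evasive's default
# response to a blocked client). Exit status 1 if no request was denied.
first_denied() {        # first_denied URL MAX
    i=1
    while [ "$i" -le "$2" ]; do
        code=$(curl -s -o /dev/null -w '%{http_code}' "$1") || code=000
        if [ "$code" = "403" ]; then
            echo "$i"
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# Run both checks only when called with a config path and a URL.
if [ "$#" -eq 2 ]; then
    count=$(evasive_directive "$1" DOSSiteCount) || { echo "DOSSiteCount not set in $1"; exit 1; }
    echo "DOSSiteCount = $count (the lab expects 40)"
    if n=$(first_denied "$2" 200); then
        echo "request $n was denied with 403"
    else
        echo "no request was denied in 200 tries"
    fi
fi
```

If the script reports that no request was denied, confirm that httpd was restarted after the edit and that the reported DOSSiteCount matches the value saved in the file.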

Conclusion

Congratulations, you've completed this hands-on lab!