حماية whm / cpanel من هجمات DDoS Attack من خلال Apache Module: Evasive

**Rise Company** · 09-12-2021, 20:36

حماية whm / cpanel من هجمات DDoS Attack من خلال Apache Module: Evasive
Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive Modules

mod_security (open-source intrusion detection and prevention engine for web applications that integrates seamlessly with the webserver) and
mod_security provides a free CRS called OWASP (Open Web Application Security Project) ModSecurity CRS that can be downloaded and installed

mod_evasive are two very important tools that can be used to protect a web server against brute force or (D)DoS attacks.
mod_evasive, as its name suggests, provides evasive capabilities while under attack,

acting as an umbrella that shields web servers from such threats.

Mod_Evasive

Mod_evasive is an Apache module with sophisticated Layer 7 DDoS mitigation features.
It detects potential attacks against web applications and takes evasive action
by rate-limiting IP addresses that make too many requests in a short time.

First, we need to install the mod_evasive module.
Navigate to Easy Apache 4 in WHM’s Software menu. Select the Apache Modules tab,
search for “mod_evasive,” and flip the install switch.

Next, select the Review Tab, scroll to the bottom of the page, and click Provision.
WHM may take a few seconds to install the module and its dependencies.

The module has sensible defaults, but you may want to tweak the configuration file,
which you will find on the server’s filesystem at:

كود:

     /etc/apache2/conf.d/300-mod_evasive.conf

If you would like mod_evasive to send an email when it blocks an IP, set an email address in the DOSEmailNotify section.
You may need to remove the comment symbol (#) from the beginning of the line.

The configuration file is documented with extensive comments,
and you can learn more from our mod_evasive documentation.

Pros and Cons

There are a number of benefits associated with mod_evasive, including:

Cost effectiveness – the module is available for free.
Ease of use – installation and configuration are both easily achieved, while settings can be adjusted on-the-fly to account for any changes to legitimate traffic flows.
DoS mitigation capabilities – single source attacks are easily identified and blocked.

At the same time, the module’s limitations make it ineffective at mitigating network layer and DDoS attacks.
Specifically, users need to consider that:

mod_evasive is ineffective against network layer attacks
Highly distributed attacks may not trigger mod_evasive thresholds configurations.
Low-and-slow attacks won’t trigger a response from mod_evasive.
Because traffic is blocked based on rudimentary criteria, mod_evasive is very prone to false positives.