Any proper documentation for mod-evasive

apache-2.2

mod_evasive20 is one of the loaded modules on my httpd server. I read good things about how it can stop a DOS attack and wanted to try it out on my localhost. A search for mod_evasive turns up a blog post by the author which briefly describes what it does.

Other than that, I can't seem to find a reference or documentation on the Apache modules site. I was wondering whether it is a module recognised by Apache since there is no mention of it on its website.

I have a mod_evasive.conf file sitting in the /etc/http/conf.d folder that contains the following lines:

LoadModule evasive20_module modules/mod_evasive20.so
<IfModule mod_evasive20.c>
 DOSHashTableSize    3097
 DOSPageCount        2
 DOSSiteCount        50
 DOSPageInterval     1
 DOSSiteInterval     1
 DOSBlockingPeriod   10
</IfModule> 

My understanding from the setting is that if I were to click refresh or send a form more than two times in a one second interval, apache will issue a 403 error and bar me from the site for 10 seconds. But that is not happening on my localhost. And I would like to know the reason. Thanks.

Best Answer

The Apache module site only lists modules provided with the official Apache source code. Third-party modules (like mod_evasive) are not listed there. The documentation for each third-party module is usually written by its authors, and sometimes that documentation is too brief or even lacking.

In the case of mod_evasive, maybe the documentation is too brief because the module is really simple: the README file explains the most important details, the options have "useful" names, and the defaults are usually good for most people.

As for the reason you are not blocked when trying to trigger mod_evasive from localhost, maybe it is the browser cache, a filter proxy or something else. You can try using wget (or curl, or similar) from the console:

while true ; do { wget --output-document=x.txt --no-proxy --no-cache http://localhost ; } ; done

(to stop, just Ctrl-C in the console)

Usually the output will be something like (getting 200 or 404 responses):

--2012-07-11 07:29:00--  http://localhost/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

Then when mod_evasive triggers, you'll get 403 responses like:

--2012-07-11 07:29:00--  http://localhost/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2012-07-11 07:29:00 ERROR 403: Forbidden.
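
A bounded version of the test loop above, as an added example that is not part of the original answer: it sends a fixed number of requests to your own server with curl and reports how many were served and which request first received the 403. The function names, the default URL and the default of 20 requests are assumptions.

```shell
#!/bin/sh
# Added example: bounded burst test for checking that mod_evasive triggers.
# Assumptions: curl and awk are installed; names and defaults are illustrative.

# probe URL COUNT: send COUNT back-to-back GETs, print one status code per line.
probe() {
    url=$1; count=$2; i=0
    while [ "$i" -lt "$count" ]; do
        # --noproxy '*' bypasses any filtering proxy; the request header asks
        # intermediate caches not to answer on the server's behalf.
        curl -s -o /dev/null --noproxy '*' -H 'Cache-Control: no-cache' \
             -w '%{http_code}\n' "$url"
        i=$((i + 1))
    done
}

# summarize: read status codes on stdin and report totals plus the position
# of the first 403 (0 means the module never blocked during the run).
summarize() {
    awk '
        { total++; seen[$1]++ }
        $1 == 403 && !first { first = NR }
        END {
            printf "total=%d ok=%d forbidden=%d first_403=%d\n",
                   total, seen[200], seen[403], first
        }'
}

if [ "${1:-}" = "run" ]; then
    # Live test against your own server: ./burst.sh run [URL] [COUNT]
    probe "${2:-http://localhost/}" "${3:-20}" | summarize
else
    # Offline demo on constructed status codes (not captured from a server).
    printf '200\n200\n200\n403\n403\n' | summarize
fi
```

If `first_403` stays 0 with the command-line client as well, the browser cache is ruled out and the next thing to check is whether the module and its configuration block are actually loaded.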