Web Hosting Resource Kit

Web Hosting, Web Hosting Reviews & Virtualization


This post may contain affiliate links. If you use these links to buy something we may earn a commission. Thanks.

How to remove or disable mod_evasive from Apache Web Server?

By Leave a Comment

How to remove or disable mod_evasive from Apache Web Server?
 
Quite a few web server administrators have mod_evasive installed to protect the servers they are responsible for. Mod_evasive is one way to stop several kind of attacks on a server. This apache module will help protect against computers sending too many requests to a webserver in a short period of time in an attempt to flood it with traffic and to make it unreachable that way.
 
However – sometimes mod_evasive can be a problem for a server itself. If not fine-tuned for a specific server, the rules can cause more damage to a server than providing protection. Search engines as an example tend to hit a website pretty hard and pretty fast in a short period of time to index it. Usually this does not cause server problems, but if mod_evasive is running with not very fine-tuned rules, it can consider a search engine as an attacker and then block the search engine from spidering a website.
 
One option is to install mod_evasive on a server, but not to turn it on by default. A webmaster can decide to have it just ready to go in case the server gets attacked. Mod_evasive would be installed on a server and then disabled. Here is how to do just that:
 
1)  SSH into the web server as root and switch directories to get access to the httpd.conf file. Usually this can be done by going to "cd /etc/httpd/conf" or by going to "cd /usr/local/apache/conf"
 
2) Make a backup of the httpd.conf file. Now open httpd.conf and disable the lines that mention mod_evasive. This will probably be in two places. Example:
 
change "LoadModule evasive_module libexex/mod_evasive" to "#LoadModule evasive_module libexex/mod_evasive"
and 
change "AddModule mod_evasive.c" to "#AddModule mod_evasive.c"
 
3) Now with in the "conf" folder open the "mod_evasive.conf" and either delete the content (make a backup first) or rename the file to "mod_evasive.conf.old". Renaming to something other is the preferred way as it will easily allow you to turn it back on in a matter of seconds by renaming the file and by enabling the 2  lines in the httpd.conf file.
 
4) Restart Apache webserver and test your website. Mod_evasive is now disabled.

Related posts:

  1. Upgrade To APACHE 2.0 Web Server
  2. Apache Webserver – A quick tutorial for new Admins
  3. Apache HTTP Web server configuration Tutorial
  4. How to disable and remove Urchin from a server?
  5. What is Mod_Security (on cPanel server)?
  6. How to rotate your Apache Log Files?
  7. Restoring Domain Accounts and Server Config Files with WHM / cPanel

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *