mod_evasive not working on Apache 2.4.6


I am trying to configure mod_evasive for Apache 2.4.6 on CentOS, release 7.5.1804. I have a clean install of CentOS, with a clean install of Apache that is not serving any pages or anything (just an example index.html saying hello world), and I installed mod_evasive using this tutorial: https://www.digitalocean.com/community/tutorials/how-to-protect-against-dos-and-ddos-with-mod_evasive-for-apache-on-centos-7

Everything works fine until I run the testing script, which should send requests to the server and get a 403 error because of mod_evasive. Instead, I am getting 400 Bad Request.

I switched firewalld for iptables, and I have port 80 open; in fact, the example page works OK from a browser. Also, SELinux mode is set to permissive.

Any suggestions?

3

2
On BEST ANSWER

After a few days, I found that there was an error in the testing script provided with mod_evasive...

I corrected it and found out that the installation was OK.

0
On

The issue was not with mod_evasive or its configuration. In my case I had to tweak the configuration of mpm_prefork_module like below to get mod_evasive configuration to work:

StartServers             10
MinSpareServers          10
MaxSpareServers          10
MaxRequestWorkers        80
MaxConnectionsPerChild   0

Basically, fix the number of servers to a constant by setting StartServers = MinSpareServers = MaxSpareServers = {your_magic_number} and set MaxConnectionsPerChild=0, so that no new server processes are spawned and no re-cycling of connections happens, allowing a child to hold infinitely many concurrent connections.

Hope this saves your day!

1
On

You will most likely have to change the Perl script (usually saved in /usr/share/doc/libapache2-mod-evasive/examples/test.pl) to make this work, e.g.

Original line:

print $SOCKET "GET /?$_ HTTP/1.0\n\n";

Re-worked line:

print $SOCKET "GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n";

From https://centosfaq.org/centos/apache-mod_evasive-problem-with-testpl/
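
An added example, not part of any answer above and not code shipped with mod_evasive: a Python check that sends the same request as the re-worked test.pl line to your own server and tallies the status codes, so a 400 from a malformed test request can be told apart from a 403 from mod_evasive. The function names, the default of 100 requests and the verdict strings are assumptions made for this sketch.

```python
import socket
from collections import Counter

def build_request(n, host="127.0.0.1"):
    # Same bytes as the re-worked test.pl line: CRLF line endings and a Host header.
    return f"GET /?{n} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")

def status_of(response):
    # Extract the numeric status from the status line; None if it is malformed.
    parts = response.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def probe(host="127.0.0.1", port=80, count=100, timeout=2.0):
    # One connection per request, as test.pl does; tally the status codes seen.
    tally = Counter()
    for n in range(count):
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(build_request(n, host))
                tally[status_of(s.recv(1024))] += 1
        except OSError:
            tally["error"] += 1
    return tally

def verdict(tally):
    # 400 points at the test client's request; 403 is mod_evasive answering.
    if tally.get(400):
        return "400 seen: the test request is malformed"
    if tally.get(403):
        return "403 seen: mod_evasive is blocking"
    return "no 403: check mod_evasive thresholds and MPM settings"

if __name__ == "__main__":
    result = probe()
    print(dict(result))
    print(verdict(result))
```

Run it on the server itself against 127.0.0.1, the same way the original test.pl is used.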