How to Secure Apache Web Server with ModEvasive on Ubuntu 16.04

Prerequisites

  1. A valid Alibaba Cloud account (sign up now for a free trial)
  2. An ECS instance running Ubuntu 16.04 Operating System
  3. A non-root user with sudo privileges

Step 1: Update Your System Package Information Index

The first step is to log in to your Alibaba ECS instance with a command-line tool such as PuTTY, or the built-in terminal client on Linux/macOS, and refresh the package index:

$ sudo apt-get update

Step 2: Setup Apache Web Server

The next step is installing Apache web server. You can skip this command if you have already installed the software on your system.

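$ sudo apt-get install apache2

Once the installation finishes, visit your instance's IP address in a browser to confirm that Apache is responding:

http://ip_address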

Step 3: Installing ModEvasive

ModEvasive is available in the Ubuntu software repository, so we can install it with apt-get, the default command-line package management program that handles installation, removal and upgrade of software on Ubuntu.

$ sudo apt-get install libapache2-mod-evasive

Step 4: Checking the Status of ModEvasive

You can check the status of ModEvasive by running the command below:

$ sudo apachectl -M | grep evasive
evasive20_module (shared)

Step 4: Configuring ModEvasive

On a Linux system, configuration files are mostly found in the /etc directory, and ModEvasive is no exception. Its configuration file is located at /etc/apache2/mods-enabled/evasive.conf.

$ sudo nano /etc/apache2/mods-enabled/evasive.conf
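<IfModule mod_evasive20.c>
# Size of the hash table used to track clients
DOSHashTableSize 3097
# Requests for the same page allowed per DOSPageInterval before the client is blocked
DOSPageCount 2
# Requests for any resource on the site allowed per DOSSiteInterval before the client is blocked
DOSSiteCount 50
# Counting intervals, in seconds, for the page and site thresholds
DOSPageInterval 1
DOSSiteInterval 1
# Seconds a blocked client keeps receiving 403 responses
DOSBlockingPeriod 10
# Address that is e-mailed when a client is blocked
DOSEmailNotify john@example.com
# Optional command to run when a client is blocked; %s is replaced with the client IP
#DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
# Directory where mod_evasive writes its dos-<ip> files
DOSLogDir "/var/log/mod_evasive"
</IfModule>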

Step 5: Creating ModEvasive Log Directory

By default, the log directory specified in the configuration file is not created when ModEvasive is installed. Create it with the Linux mkdir command, give ownership to the Apache user (www-data), and restart Apache so the changes take effect:

$ sudo mkdir /var/log/mod_evasive
$ sudo chown -R www-data:www-data /var/log/mod_evasive
$ sudo systemctl restart apache2

Step 6: Testing ModEvasive

ModEvasive makes things easy because it comes with a built-in Perl script that you can run on your Alibaba Ubuntu 16.04 ECS instance to see if the module is working.

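$ sudo nano /usr/share/doc/libapache2-mod-evasive/examples/test.pl

Find the line:

print $SOCKET "GET /?$_ HTTP/1.0\n\n";

Replace it with the following, which uses CRLF line endings and sends a Host header:

print $SOCKET "GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n";

Then run the script:

$ sudo perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl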
...
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
..
$ sudo ls -a /var/log/mod_evasive
.  ..  dos-127.0.0.1
$ sudo tail /var/log/apache2/error.log
...
[evasive20:error] [pid 31967] [client 127.0.0.1:43954] client denied by server configuration: /var/www/html/.
...
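
To review blocks across the whole error log rather than a single tail, the following added example (not part of the original guide or of mod_evasive) counts evasive20 denials per client and reports whether the matching dos-<ip> file exists in DOSLogDir. The function name evasive_summary, the output wording and the sample log lines are constructed for illustration; it assumes Apache's default error log format, where the client field is address:port.

```shell
#!/bin/sh
# Added example: per-client summary of mod_evasive denials in an Apache error log.
# evasive_summary and the output wording are illustrative names, not part of mod_evasive.
# Assumes the default error log format, where the client field is [client ADDR:PORT].
evasive_summary() {
    log=$1
    dosdir=${2:-/var/log/mod_evasive}   # DOSLogDir from evasive.conf
    awk '
        # Only count entries logged by mod_evasive, not other "client denied" sources
        /\[evasive20:error\]/ && match($0, /\[client [0-9A-Fa-f:.]+\]/) {
            addr = substr($0, RSTART + 8, RLENGTH - 9)  # text between "[client " and "]"
            sub(/:[0-9]+$/, "", addr)                   # drop :PORT, keeps IPv6 intact
            hits[addr]++
        }
        END { for (a in hits) print hits[a], a }
    ' "$log" | sort -k1,1nr -k2,2 | while read -r count addr; do
        # mod_evasive writes dos-<ip> into DOSLogDir when it blocks a client
        if [ -e "$dosdir/dos-$addr" ]; then marker=present; else marker=absent; fi
        printf '%s denials=%s dos-file=%s\n' "$addr" "$count" "$marker"
    done
}

# Constructed sample data (timestamps, PIDs, ports and the 10.0.0.5 client are made up).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/mod_evasive"
: > "$demo_dir/mod_evasive/dos-127.0.0.1"
cat > "$demo_dir/error.log" <<'EOF'
[Mon Jan 01 10:00:00.000000 2018] [evasive20:error] [pid 31967] [client 127.0.0.1:43954] client denied by server configuration: /var/www/html/
[Mon Jan 01 10:00:00.100000 2018] [evasive20:error] [pid 31967] [client 127.0.0.1:43956] client denied by server configuration: /var/www/html/
[Mon Jan 01 10:00:01.000000 2018] [evasive20:error] [pid 31968] [client ::1:50000] client denied by server configuration: /var/www/html/
[Mon Jan 01 10:00:02.000000 2018] [authz_core:error] [pid 31970] [client 10.0.0.5:40000] AH01630: client denied by server configuration: /var/www/html/private
EOF
evasive_summary "$demo_dir/error.log" "$demo_dir/mod_evasive"
rm -rf "$demo_dir"
```

On the server, run it as evasive_summary /var/log/apache2/error.log; the second argument defaults to /var/log/mod_evasive.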

Conclusion

In this guide we covered the basic steps of securing your Apache web server against DDoS and brute-force attacks with ModEvasive. The module temporarily blocks clients that exceed the request thresholds you configured, which helps keep your website available and makes it harder for malicious users to block access to, or steal information from, your website or applications. If you have followed the steps above, you have added another layer of security to your Alibaba Cloud web server.

Alibaba Cloud
