While upgrading my server, most probably while doing the upgrade to Ubuntu 20.04 Focal, mod-evasive got installed and enabled. It didn't effect the configured websites, except sometimes for a couple of seconds I received 403 errors. But finally everything continued working. The problem started, after adding a new website and trying to install a new Joomla platform. The installation process of Joomla stopped on the very last step without any error message on the screen.
After trying a couple of things I checked the error log of the website:
[evasive20:error] [pid 77535] [client x.x.x.x:56804] client denied by server configuration: /var/www/clients/clientxx/webyy/web/installation/index.php, referer: http://code.sinai-service.com/installation/index.php
First I stopped the apache module, responsible for stopping DDOS attacks on the web server. I guess, during the install process of Joomla a DDOS attack is triggered by mod-evasive.
sudo a2dismod evasive sudo service apache2 restart
Now we need to change the configuration of evasive.conf:
sudo nano /etc/apache2/mods-available/evasive.conf
Remove all the comments (#) and insert an Email address in order to get notified on any attacks. You might need to adjust the parameters in the config, just keep an eye on your emails.
<IfModule mod_evasive20.c> DOSHashTableSize 3097 DOSPageCount 5 DOSSiteCount 80 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 10 DOSEmailNotify DOSSystemCommand "su - someuser -c '/sbin/... %s ...'" DOSLogDir "/var/log/evasive" </IfModule>
Now create the log folder and change the owner:
// change the directory to the above statement sudo mkdir /var/log/evasive sudo chown www-data:www-data /var/log/evasive
Finally enable mod-evasive and restart apache and check if everything is working:
sudo a2enmod evasive sudo service apache2 restart