While upgrading my server, most probably while doing the upgrade to Ubuntu 20.04 Focal, mod-evasive got installed and enabled. It didn't effect the configured websites, except sometimes for a couple of  seconds I received 403 errors. But finally everything continued working. The problem started, after adding a new website and trying to install a new Joomla platform. The installation process of Joomla stopped on the very last step without any error message on the screen.

After trying a couple of things I checked the error log of the website:

[evasive20:error] [pid 77535] [client x.x.x.x:56804] client denied by server configuration: /var/www/clients/clientxx/webyy/web/installation/index.php, referer: http://code.sinai-service.com/installation/index.php

First I stopped the apache module, responsible for stopping DDOS attacks on the web server. I guess, during the install process of Joomla a DDOS attack is triggered by mod-evasive.

sudo a2dismod evasive
sudo service apache2 restart

Now we need to change the configuration of evasive.conf:

sudo nano /etc/apache2/mods-available/evasive.conf

Remove all the comments (#) and insert an Email address in order to get notified on any attacks. You might need to adjust the parameters in the config, just keep an eye on your emails.

<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        5
    DOSSiteCount        80
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10

    DOSEmailNotify      
    DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
    DOSLogDir           "/var/log/evasive"
</IfModule>

Now create the log folder and change the owner:

// change the directory to the above statement
sudo mkdir /var/log/evasive
sudo chown www-data:www-data /var/log/evasive

Finally enable mod-evasive and restart apache and check if everything is working:

sudo a2enmod evasive
sudo service apache2 restart

 

 

 

 

Comments powered by CComment

(c)2020 - 2021 by Mike Ennulat