How to whitelist IPs in Apache mod_evasive

The mod_evasive module protects your Apache webserver from DDoS attacks.

mod_evasive GitHub page

Sometimes legitimate users trigger mod_evasive and get an HTTP 403 message: “Forbidden – You don’t have permission to access this resource”. The Apache logs will contain messages like:

[Sun Apr 05 09:43:17.836335 2020] [:error] [pid 28167] [client 74.11.11.11:50701] client denied by server configuration: /home/example/public_html/admin/index.php, referer: https://www.example.com/admin/index.php?route=catalog/product&user_token=ziSVvuKcMgnE3EfSGc2s5GCK1LG8I0DS

In this post, we will show how to whitelist IPs. Note that it is not possible to disable mod_evasive for a single domain or vhost. The configuration is global and applies to all domains on the server.

The mod_evasive configuration file is /etc/apache2/conf.d/300-mod_evasive.conf. To whitelist IPs, edit the file with your preferred editor and add DOSWhitelist statements, one IP per line, like:

DOSWhitelist  74.11.11.11
DOSWhitelist  87.12.12.12

You can also use wildcards. The information in the configuration file states:

# You can use whitelists to disable the module for certain ranges of
# IPs. Wildcards can be used on up to the last 3 octets if necessary.
# Multiple DOSWhitelist commands may be used in the configuration.
#DOSWhitelist 127.0.0.1
#DOSWhitelist 192.168.0.*


Don’t forget to reload the Apache webserver.
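
Because a whitelist entry switches the module off for every address it matches, it is worth checking which denied clients in the log are already covered and whether any wildcard entry is wider than intended. The script below is an added example, not part of the original post or of mod_evasive itself; the sample config and log lines are constructed, and it assumes entries match octet by octet with `*` allowed only in trailing octets, as the config comment above describes.

```python
import re
from collections import Counter

# Constructed sample config, using the directive syntax shown on the page.
CONF = """\
#DOSWhitelist 127.0.0.1
DOSWhitelist  74.11.11.11
DOSWhitelist  192.168.0.*
DOSWhitelist  10.*.*.*
DOSWhitelist  172.*.16.1
"""
# Constructed sample error-log lines in the format quoted on the page.
FMT = ("[Sun Apr 05 09:43:17 2020] [:error] [pid 1] [client {}:50701] client denied "
       "by server configuration: /home/example/public_html/admin/index.php")
LOG = "\n".join(FMT.format(ip) for ip in
                ["74.11.11.11", "87.12.12.12", "87.12.12.12", "192.168.0.25", "203.0.113.9"])

# Active directives only: a leading '#' keeps the line from matching.
DIRECTIVE = re.compile(r"^[ \t]*DOSWhitelist[ \t]+(\S+)[ \t]*$", re.I | re.M)
DENIED = re.compile(r"\[client (\d{1,3}(?:\.\d{1,3}){3}):\d+\] client denied by server configuration")

def wildcard_count(pattern):
    """Count trailing '*' octets (0-3); None if the entry is not a.b.c.d with only trailing wildcards."""
    parts = pattern.split(".")
    if len(parts) != 4:
        return None
    n = 0
    while n < 3 and parts[3 - n] == "*":
        n += 1
    if not all(p.isdigit() and int(p) <= 255 for p in parts[:4 - n]):
        return None
    return n

def is_whitelisted(ip, patterns):
    """True if any valid entry matches the IP octet by octet (assumed matching rule)."""
    octets = ip.split(".")
    for pat in patterns:
        n = wildcard_count(pat)
        if n is not None and pat.split(".")[:4 - n] == octets[:4 - n]:
            return True
    return False

def audit(conf_text, log_text):
    """Compare denied clients in the log with the active whitelist entries."""
    patterns = DIRECTIVE.findall(conf_text)
    denied = Counter(DENIED.findall(log_text))
    return {
        "invalid": [p for p in patterns if wildcard_count(p) is None],
        "broad": [p for p in patterns if (wildcard_count(p) or 0) >= 2],  # 65,536+ addresses
        "not_listed": {ip: c for ip, c in denied.items() if not is_whitelisted(ip, patterns)},
        "listed_but_denied": {ip: c for ip, c in denied.items() if is_whitelisted(ip, patterns)},
    }

if __name__ == "__main__":
    for key, value in audit(CONF, LOG).items():
        print(f"{key}: {value}")
```

An IP reported under `listed_but_denied` can mean Apache has not been reloaded since the entry was added, or that the 403 came from a different access rule.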

Resources:
How to install mod_evasive
