The mod_evasive module protects your Apache webserver from DDoS attacks.
Sometimes, legit users can trigger mod_evasive and they will get a 403 HTTP message “Forbidden – You don’t have permission to access this resource”. In the Apache logs there will be messages like:
[Sun Apr 05 09:43:17.836335 2020] [:error] [pid 28167] [client 74.11.11.11:50701] client denied by server configuration: /home/example/public_html/admin/index.php, referer: https://www.example.com/admin/index.php?route=catalog/product&user_token=ziSVvuKcMgnE3EfSGc2s5GCK1LG8I0DS
In this post, we will show how to whitelist IPs. Notice that is not possible to disable it for a domain or vhost. The configuration is global and applies to all domains on the server.
The mod_evasive configuration file is /etc/apache2/conf.d/300-mod_evasive.conf . To whitelist IPs, just edit the file with your preferred editor and add DOSWhitelist IP statements like:
DOSWhitelist 74.11.11.11
DOSWhitelist 87.12.12.12
You can also use wildcards. The information in the configuration file states:
# You can use whitelists to disable the module for certain ranges of
300-mod_evasive.conf file
# IPs. Wildcards can be used on up to the last 3 octets if necessary.
# Multiple DOSWhitelist commands may be used in the configuration.
#DOSWhitelist 127.0.0.1
#DOSWhitelist 192.168.0.*
Don’t forget to reload the Apache webserver.
Resources:
How to install mod_evasive