• mod_evasive permette di bloccare degli host che acceddono in maniera troppo agressiva rispondendo con un 403/forbidden

• Installare il pacchetto:

sudo apt-get install libapache2-mod-evasive

• Se si intende notificare i blocchi via mail, occorre creare un symlink per mail (eventualmente installarlo):

sudo ln -s /usr/bin/mail /bin/mail

• Abilitare il modulo:

sudo a2enmod mod-evasive

• Creare il file di configurazione globale per il web server

sudoedit /etc/apache2/conf.d/mod-evasive

<IfModule  mod_evasive20.c>

# Size of the hash table used to store the IPs.
   DOSHashTableSize 3097

# Number of pages allowed per DOSPageInterval.
   DOSPageCount 5

# Time in seconds used by DOSPageCount.
   DOSPageInterval 1

# Number of objects allowed per DOSSiteInterval.
   DOSSiteCount 100

# Time in seconds used by DOSSiteCount.
   DOSSiteInterval 1

# Time in seconds that IPs will be banned. If an IP tries to access the 
# server within this period, the count will be restarted.
   DOSBlockingPeriod 10

# Directory to store the logs. If not specified, /tmp will be used. Optional
   DOSLogDir "/var/lock/mod_evasive"

# Mail where notifications will be sent. Uses /bin/mail. Optional
   DOSEmailNotify mailbox@example.com

# List of IPs which won’t be blocked. Optional
#   DOSWhitelist

# Command to execute if an IP is blocked. Optional For example:
#   DOSSystemCommand "/sbin/iptables -I INPUT -p tcp --dport 80 -s %s -j DROP"

 </IfModule>

• Riavviare apache

sudo /etc/init.d/apache2 restart

• Esiste uno script apposito:

perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl

• mod_evasive on Apache - Linode Guides & Tutorials
• Installation & configuration of mod_evasive in Ubuntu Server 9.04 | Jaime Frutos Morales's blog
• mod_evasive neither does send mail nore write to log file | Web Hosting Talk
• linux - ModEvasive Not Sending Email Alerts - Server Fault
• Debian copy/paste Tutorials - Linux Tutorials - Apache2 Prevent DDoS Attack With mod_evasive in Debian Squeeze