CentOS 7 中，Apache 2.4 的 mod_evasive 无法正常工作，不能屏蔽IP，这个问题困扰了我一个月，情况如下，压力测试apache, mod_evasive 会记录攻击者IP， 但通常不能屏蔽ip，好不容易，遇到一次屏蔽，屏蔽时间又不够。找了很多中文文档，都没有找到。

最终看到一个英文的提问，提问者说可能是 mod_evasive 不能和 mpm_prefork，一起正常工作。

Have read that mod_evasive does not work well with the mpm_prefork_module because it uses processes over threads. This is not being used, but mpm_event_module is (not mpm_worker_module). Not sure if this is the problem?

修改mpm为mpm_worker以后，奇迹发生了。一切正常了。

It looks like the counters used by mod_evasive are not shared between processes. Hence each time mpm_prefork spawns a new process, the counters are back to 0.

One way to make mod_evasive work with mpm_prefork is hence to have:

StartServers = MaxRequestWorkers = MaxSpareServers (so all processes are created at startup and no new process will be created or killed)
MaxConnectionsPerChild 0 (So processes won't be recycled. However this can be dangerous in case of memory leak so you should use a large value instead of 0)
Divide DOSPageCount and DOSSiteCount by the number of server processes
This is only based on the behavior I could observe on my own server and should be carefully tested.

参考：

https://serverfault.com/questions/679928/apache-mod-evasive-with-mpm-prefork-settings-to-work

https://stackoverflow.com/questions/37443133/mod-evasive-is-not-blocking-ips-causing-dos-but-is-logging-them

修改时间 2019-03-14