ConfigServer Community Forum

can CSF be updated to use the new Cpanel mod-evasive Apache module
https://blog.cpanel.com/blocking-attack ... d_evasive/

While it probably is a good idea to have the option to integrate with CSF or at least clear instructions on how to add csf to the evasive conf file. I feel at this time it is giving too many false blocks.
The problem appears to occur when you have the server set to use HTTP2 and mod_mpm_event and use a compatible browser like chrome or FF, which by design use multiple simultaneous connections which Mod_evasive sees as DDOS attacks when they are genuine connections

You would have to enable LF_APACHE_403 in csf.conf to trap these. We cannot separate them out as they are not differentiated in the httpd error_log file from other 403 errors.