How to configure mod_evasive to show HTTP status 429 instead of 403?

Question

Some search engine spiders like Bingbot crawl too rapidly and does not seem to obey robots.txt crawl-delay directive. This triggers the DOS defence mechanism in mod_evasive to generate HTTP 403 forbidden errors. But showing 403 errors to bots for perfectly valid pages is not ideal and may affect page rank. Is there a way to configure mod_evasive to show HTTP status 429 instead of 403?

429 Too Many Requests

The 429 status code indicates that the user has sent too many requests in a given amount of time ("rate limiting").

The response representations SHOULD include details explaining the condition, and MAY include a Retry-After header indicating how long to wait before making a new request.

score 3 · Accepted Answer · answered Oct 21 '14 at 14:01

3

Basically you just change the HTTP_FORBIDDEN to HTTP_TOO_MANY_REQUESTS in mod_evasive20.c and compile again.

answered Oct 21 '14 at 14:01

vrr

46
2

Looks like that is the only way. – Question Overflow Oct 22 '14 at 04:50

score 1 · Answer 2 · answered Oct 10 '17 at 11:14

I forked mod_evasive and made the response status configurable (along with some other features), check it out: https://github.com/jvdmr/mod_evasive

To configure this, install the new version and add DOSHTTPStatus 429 to your config (either globally or in the virtualhost you want to protect).

How to configure mod_evasive to show HTTP status 429 instead of 403?

2 Answers2