2010-05-11 22:54:55 +02:00
|
|
|
mod_evasive maneuvers module for Apache to provide evasive action in the event
|
|
|
|
of an HTTP DoS or DDoS attack or brute force attack. It is also designed
|
|
|
|
to be a detection and network management tool, and can be easily configured
|
|
|
|
to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently
|
|
|
|
reports abuses via email and syslog facilities.
|
|
|
|
|
|
|
|
Detection is performed by creating an internal dynamic hash table of IP
|
|
|
|
Addresses and URIs, and denying any single IP address from any of the
|
|
|
|
following:
|
|
|
|
* Requesting the same page more than a few times per second
|
|
|
|
* Making more than 50 concurrent requests on the same child per second
|
|
|
|
* Making any requests while temporarily blacklisted (on a blocking list)
|
|
|
|
|
2010-05-13 00:37:13 +02:00
|
|
|
You'll need to add the following line to your /etc/httpd/httpd.conf file:
|
2011-02-14 00:26:32 +01:00
|
|
|
Include /etc/httpd/extra/mod_evasive.conf
|
2010-05-11 22:54:55 +02:00
|
|
|
|
|
|
|
To test enter the following command:
|
2010-05-13 00:37:13 +02:00
|
|
|
perl /usr/doc/mod_evasive-$VERSION/test.pl | more
|
|
|
|
which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden
|
2010-05-11 22:54:55 +02:00
|
|
|
|
|
|
|
mod_evasive is fully tweakable through the Apache configuration file, see
|
2010-05-13 00:37:13 +02:00
|
|
|
the README file in the package's documentation directory.
|