mirror of
https://github.com/Ponce/slackbuilds
synced 2024-10-13 08:43:42 +02:00
40 lines
1.3 KiB
Text
40 lines
1.3 KiB
Text
|
mod_evasive maneuvers module for Apache to provide evasive action in the event
|
||
|
of an HTTP DoS or DDoS attack or brute force attack. It is also designed
|
||
|
to be a detection and network management tool, and can be easily configured
|
||
|
to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently
|
||
|
reports abuses via email and syslog facilities.
|
||
|
|
||
|
Detection is performed by creating an internal dynamic hash table of IP
|
||
|
Addresses and URIs, and denying any single IP address from any of the
|
||
|
following:
|
||
|
|
||
|
|
||
|
* Requesting the same page more than a few times per second
|
||
|
* Making more than 50 concurrent requests on the same child per second
|
||
|
* Making any requests while temporarily blacklisted (on a blocking list)
|
||
|
|
||
|
|
||
|
To enable it edit /etc/httpd/httpd.conf to have like the following:
|
||
|
|
||
|
LoadModule evasive20_module lib/httpd/modules/mod_evasive20.so
|
||
|
|
||
|
<IfModule mod_evasive20.c>
|
||
|
DOSHashTableSize 3097
|
||
|
DOSPageCount 2
|
||
|
DOSSiteCount 50
|
||
|
DOSPageInterval 1
|
||
|
DOSSiteInterval 1
|
||
|
DOSBlockingPeriod 10
|
||
|
</IfModule>
|
||
|
|
||
|
|
||
|
To test enter the following command:
|
||
|
|
||
|
perl /usr/doc/mod_evasive-$VERSION/test.pl | more
|
||
|
|
||
|
Which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden
|
||
|
|
||
|
mod_evasive is fully tweakable through the Apache configuration file, see
|
||
|
the READE file in /usr/doc/mod_evasive-$VERSION for configuration details.
|
||
|
|