mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-18 22:06:04 +01:00
39 lines
1.3 KiB
Text
39 lines
1.3 KiB
Text
mod_evasive maneuvers module for Apache to provide evasive action in the event
|
|
of an HTTP DoS or DDoS attack or brute force attack. It is also designed
|
|
to be a detection and network management tool, and can be easily configured
|
|
to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently
|
|
reports abuses via email and syslog facilities.
|
|
|
|
Detection is performed by creating an internal dynamic hash table of IP
|
|
Addresses and URIs, and denying any single IP address from any of the
|
|
following:
|
|
|
|
|
|
* Requesting the same page more than a few times per second
|
|
* Making more than 50 concurrent requests on the same child per second
|
|
* Making any requests while temporarily blacklisted (on a blocking list)
|
|
|
|
|
|
To enable it edit /etc/httpd/httpd.conf to have like the following:
|
|
|
|
LoadModule evasive20_module lib/httpd/modules/mod_evasive20.so
|
|
|
|
<IfModule mod_evasive20.c>
|
|
DOSHashTableSize 3097
|
|
DOSPageCount 2
|
|
DOSSiteCount 50
|
|
DOSPageInterval 1
|
|
DOSSiteInterval 1
|
|
DOSBlockingPeriod 10
|
|
</IfModule>
|
|
|
|
|
|
To test enter the following command:
|
|
|
|
perl /usr/doc/mod_evasive-$VERSION/test.pl | more
|
|
|
|
Which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden
|
|
|
|
mod_evasive is fully tweakable through the Apache configuration file, see
|
|
the READE file in /usr/doc/mod_evasive-$VERSION for configuration details.
|
|
|