Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Apache 2.2.9 mod_evasive does not work
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
i0
n00b
n00b


Joined: 11 Oct 2006
Posts: 46

PostPosted: Mon Feb 02, 2009 2:41 pm    Post subject: Apache 2.2.9 mod_evasive does not work Reply with quote

Hey

I have problem with apache web server and mod_evasive.
mod_evasive just does not work.

/etc/conf.d/apache
Code:

grep -v "#" /etc/conf.d/apache2
APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE -D PHP5 -D EVASIVE -D CHROOT"
PIDFILE=/var/run/apache2.pid


Apache is using mpm-itk and mod_chroot.
Apache version is 2.2.9-r1

Chroot and ITK is working ok. But not mod_evasive.
No errors on startup. But test.pl gives HTTP/1.1 200 OK all time.
test.pl (not included with mod_evasive gentoo package)
Code:

#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

for(0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto   => "tcp",
                                      PeerAddr=> "127.0.0.1:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\n\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}



mod_evasive configuration
Code:

grep -v "#" /etc/apache2/modules.d/10_mod_evasive.conf
<IfDefine EVASIVE>
LoadModule evasive_module modules/mod_evasive.so

DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 10

DOSEmailNotify xxxx@xxx.xx


DOSLogDir /var/log/apache2/evasive

</IfDefine>


I tested it with apache not in chroot - same result.
Could this be a result of using mpm-itk?
Back to top
View user's profile Send private message
hanj
Veteran
Veteran


Joined: 19 Aug 2003
Posts: 1264

PostPosted: Fri Jul 23, 2010 6:41 pm    Post subject: Reply with quote

Any updates with this? I'm running into the same problem. mod_evasive does not work in chroot environment (provided by mod_security).

Thanks!
hanji
_________________
Server Admin Blog - Uno-Code.com | Gentoo Hosting at Rackspace!
Back to top
View user's profile Send private message
i0
n00b
n00b


Joined: 11 Oct 2006
Posts: 46

PostPosted: Sat Jul 24, 2010 8:24 am    Post subject: Reply with quote

Hey

I discovered later on that this must be configuration problem.
Open IE on win machine and press F5 several times very fast, eventually you see forbidden message.
But strangely same thing does not work with firefox or with perl script.
Back to top
View user's profile Send private message
vostorga
Developer
Developer


Joined: 08 Jul 2011
Posts: 11
Location: El Salvador

PostPosted: Wed Feb 27, 2013 3:13 pm    Post subject: Reply with quote

Just for the record, mod_security disables in a unknown way mod_evasive.

I have been unable to activate both. mod_evasive works fine without mod_security.

Versions I am using:
www-apache/mod_security-2.7.0
www-apache/mod_evasive-1.10.1
www-servers/apache-2.2.23
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum