mod_evasive maneuvers module for Apache to provide evasive action in
the event of an HTTP DoS or DDoS attack or brute force attack. It is
also designed to be a detection and network management tool, and can
be easily configured to talk to ipchains, firewalls, routers, and
etcetera. mod_evasive presently reports abuses via email and syslog
facilities.
Detection is performed by creating an internal dynamic hash table of IP
Addresses and URIs, and denying any single IP address from any of the
following:
* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted (on a block list)
Add the following line to your /etc/httpd/httpd.conf file:
Include /etc/httpd/extra/mod_evasive.conf
To test enter the following command:
perl /usr/doc/mod_evasive-$VERSION/test.pl | more
which should output some "HTTP/1.1 200 OK" lines; then "HTTP/1.1 403
Forbidden".
mod_evasive is fully tweakable through the Apache configuration file,
see the README file in the package's documentation directory.