slackbuilds/network/mod_evasive
David Somero dae3b85cfa network/mod_evasive: Misc automated cleanups.
Signed-off-by: David Somero <xgizzmo@slackbuilds.org>
2010-06-04 01:13:17 -04:00
..
README network/mod_evasive: Updated for version 1.10.1 2010-05-13 00:37:13 +02:00
doinst.sh network/mod_evasive: Updated for version 1.10.1 2010-05-13 00:37:13 +02:00
mod_evasive.SlackBuild network/mod_evasive: Misc automated cleanups. 2010-06-04 01:13:17 -04:00
mod_evasive.conf network/mod_evasive: Updated for version 1.10.1 2010-05-13 00:37:13 +02:00
mod_evasive.info network/mod_evasive: Updated for version 1.10.1 2010-05-13 00:37:13 +02:00
slack-desc network/mod_evasive: Updated for version 1.10.1 2010-05-13 00:37:13 +02:00

README

mod_evasive maneuvers module for Apache to provide evasive action in the event
of an HTTP DoS or DDoS attack or brute force attack. It is also designed
to be a detection and network management tool, and can be easily configured
to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently
reports abuses via email and syslog facilities.

Detection is performed by creating an internal dynamic hash table of IP
Addresses and URIs, and denying any single IP address from any of the
following:
    * Requesting the same page more than a few times per second
    * Making more than 50 concurrent requests on the same child per second
    * Making any requests while temporarily blacklisted (on a blocking list)

You'll need to add the following line to your /etc/httpd/httpd.conf file:
  Include /etc/httpd/mod_evasive.conf

To test enter the following command:
  perl /usr/doc/mod_evasive-$VERSION/test.pl | more
which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden

mod_evasive is fully tweakable through the Apache configuration file, see
the README file in the package's documentation directory.