26 lines
1.1 KiB
Plaintext
26 lines
1.1 KiB
Plaintext
mod_evasive maneuvers module for Apache to provide evasive action in
|
|
the event of an HTTP DoS or DDoS attack or brute force attack. It is
|
|
also designed to be a detection and network management tool, and can
|
|
be easily configured to talk to ipchains, firewalls, routers, and
|
|
etcetera. mod_evasive presently reports abuses via email and syslog
|
|
facilities.
|
|
|
|
Detection is performed by creating an internal dynamic hash table of IP
|
|
Addresses and URIs, and denying any single IP address from any of the
|
|
following:
|
|
* Requesting the same page more than a few times per second
|
|
* Making more than 50 concurrent requests on the same child per second
|
|
* Making any requests while temporarily blacklisted (on a block list)
|
|
|
|
Add the following line to your /etc/httpd/httpd.conf file:
|
|
Include /etc/httpd/extra/mod_evasive.conf
|
|
|
|
To test enter the following command:
|
|
perl /usr/doc/mod_evasive-$VERSION/test.pl | more
|
|
|
|
which should output some "HTTP/1.1 200 OK" lines; then "HTTP/1.1 403
|
|
Forbidden".
|
|
|
|
mod_evasive is fully tweakable through the Apache configuration file,
|
|
see the README file in the package's documentation directory.
|