Date:      Fri, 27 May 2016 20:07:01 +0100
From:      Will Squire <will_squire@hotmail.co.uk>
To:        freebsd-apache@freebsd.org
Subject:   mod_evasive is not blocking IPs causing DoS, but is logging them
Message-ID:  <BLU436-SMTP14799452DD04657F68E8503DA420@phx.gbl>

Hi all - my first time mailing here, here goes...

mod_evasive is not blocking IPs that are causing DoS, but it is logging
the IPs in the /tmp directory. The files it generates to this directory
are named dos-XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX being the IP).

Have read that mod_evasive does not work well with the
mpm_prefork_module because it uses processes over threads. This is not
being used, but mpm_event_module is (not mpm_worker_module). Not sure if
this is the problem?

Here is the content of the mod_evasive config file created at
/usr/local/etc/apache24/Includes/mod_evasive.conf:

<IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSPageInterval 1
    DOSSiteCount 50
    DOSSiteInterval 1
    DOSBlockingPeriod 60
    DOSEmailNotify example@example.com
</IfModule>

Have also read that mod_evasive uses iptables, but ipfw is being used.
Again, I'm not sure if this is the issue?

Also noticed a trend of sudo privileges being given to Apache in some of
the examples found online (particularly when using mod_evasive's
DOSSystemCommand). I don't intend to give Apache sudo privileges, but
have tried adding deny directives to ipfw using DOSSystemCommand with
sudo privileges:

DOSSystemCommand "sudo ipfw add 00010 deny ip from %s to any"

This also didn't end well. Any help appreciated, thanks.

Kind regards,

Will Squire
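
Added example, not part of the original message or of mod_evasive: a wrapper that DOSSystemCommand could call in place of a raw "sudo ipfw", so that a sudoers rule only has to permit this one script and the %s value is validated before it reaches the firewall. The script path, the sudoers line and the RUNNER variable are assumptions made for illustration; the ipfw rule is the one quoted in the message.

```sh
#!/bin/sh
# Hypothetical wrapper, assumed to be installed as /usr/local/sbin/evasive-block.sh
# Assumed sudoers entry (lets the Apache user run this script and nothing else):
#   www ALL=(root) NOPASSWD: /usr/local/sbin/evasive-block.sh
# Assumed Apache directive:
#   DOSSystemCommand "sudo /usr/local/sbin/evasive-block.sh %s"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Add the deny rule from the message for a validated address.
# RUNNER=echo (assumption) turns this into a dry run that only prints the command.
block_ip() {
    if ! is_ipv4 "$1"; then
        echo "evasive-block: refusing argument that is not an IPv4 address" >&2
        return 64
    fi
    ${RUNNER:-} /sbin/ipfw -q add 00010 deny ip from "$1" to any
}

# Act only when called with an argument, as DOSSystemCommand would call it.
if [ "$#" -gt 0 ]; then
    block_ip "$1" || exit $?
fi
```

Rules added this way stay in ipfw until something deletes them; DOSBlockingPeriod only controls how long mod_evasive itself keeps answering with 403.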