Date: Wed, 6 Jul 2016 11:03:06 +0200
From: Andrea Venturoli <ml@netfence.it>
To: "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org>
Cc: "kiwi@oav.net" <kiwi@oav.net>
Subject: mod_evasive ignores thresholds?
Message-ID: <eba6837b-c527-a74a-df65-0751870a9625@netfence.it>

Hello.

I'm trying to set up mod_evasive on a 9.3/i386 box running Apache 2.2.

The server features (among other things) the CalDAV/CardDAV protocol, so it's quite normal clients will issue several requests in a row. I would think these would NOT be considered the same identical request, but I understand mod_evasive is not so smart, so I tried raising the threshold.

Now in my config I have:

> <IfModule evasive_module>
>     DOSHashTableSize 1024
>     DOSPageCount 50
>     DOSSiteCount 150
>     DOSPageInterval 2
>     DOSSiteInterval 2
>     DOSBlockingPeriod 10
> </IfModule>

In spite of this (50/150 requests in 2 seconds), the clients are always blocked after the fifth request:

> 10.1.2.18 - - [06/Jul/2016:10:50:54 +0200] "OPTIONS /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "PROPFIND /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 207 1826 "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "OPTIONS /cal.php/calendars/xxxxxx/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "PROPFIND /cal.php/principals/xxxxxx/ HTTP/1.1" 207 909 "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "OPTIONS /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> [Wed Jul 06 10:50:55 2016] [error] [client 10.1.2.18] client denied by server configuration: /usr/local/www/baikal/html/cal.php
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "REPORT /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 403 235 "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"

Is it a bug?
Is mod_evasive incompatible with DAV?
Am I getting it all wrong?

 bye & Thanks
	av.
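
One way to check the observation above against the quoted thresholds, as an added example that is not part of the original message and not mod_evasive's own code: it replays the quoted access-log lines through a sliding-window counter per client and URI ("Page") and per client ("Site"). That counting model and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Thresholds copied from the configuration quoted in the message.
CONFIG = {"DOSPageCount": 50, "DOSPageInterval": 2,
          "DOSSiteCount": 150, "DOSSiteInterval": 2}

# Access-log lines from the message, user-agent field dropped for brevity.
SAMPLE_LOG = """\
10.1.2.18 - - [06/Jul/2016:10:50:54 +0200] "OPTIONS /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 200 -
10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "PROPFIND /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 207 1826
10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "OPTIONS /cal.php/calendars/xxxxxx/ HTTP/1.1" 200 -
10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "PROPFIND /cal.php/principals/xxxxxx/ HTTP/1.1" 207 909
10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "OPTIONS /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 200 -
10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "REPORT /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 403 235
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (client, epoch_seconds, uri, status) for each access-log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), when.timestamp(), m.group(3), int(m.group(4))

def peak_counts(log_text, cfg):
    """Highest request count seen inside each interval, per URI and per client."""
    windows = {"Page": defaultdict(deque), "Site": defaultdict(deque)}
    peaks = {"Page": 0, "Site": 0}
    for client, ts, uri, _status in parse(log_text):
        for kind, key in (("Page", (client, uri)), ("Site", client)):
            recent = windows[kind][key]
            recent.append(ts)
            # Drop hits that fell out of the sliding interval (assumed model).
            while ts - recent[0] >= cfg[f"DOS{kind}Interval"]:
                recent.popleft()
            peaks[kind] = max(peaks[kind], len(recent))
    return peaks

def explain(log_text, cfg):
    """Compare observed peaks and 403 responses with the configured thresholds."""
    peaks = peak_counts(log_text, cfg)
    over = [k for k in peaks if peaks[k] >= cfg[f"DOS{k}Count"]]
    denied = [uri for _c, _t, uri, status in parse(log_text) if status == 403]
    return {"peaks": peaks, "thresholds_reached": over, "denied": denied}
```

On the quoted lines, `explain(SAMPLE_LOG, CONFIG)` reports peaks of 4 (page) and 6 (site) with no threshold reached, while the REPORT request is still listed as denied.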