mod_evasive is not blocking IPs causing DoS, but is logging them
Will Squire
will_squire at hotmail.co.uk
Fri May 27 19:08:14 UTC 2016
Hi all - my first time mailing here, here goes...
mod_evasive is not blocking IPs that are causing DoS, but it is logging the IPs in the /tmp directory. The files it generates to this directory are named dos-XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX being the IP).
Have read that mod_evasive does not work well with the mpm_prefork_module because it uses processes over threads. This is not being used, but mpm_event_module is (not mpm_worker_module). Not sure if this is the problem?
Here is the content of the mod_evasive config file created at /usr/local/etc/apache24/Includes/mod_evasive.conf:
<IfModule mod_evasive20.c>
    # Size of the per-process hash table that tracks clients
    DOSHashTableSize    3097
    # Refuse a client that requests the same page more than 2 times in 1 second
    DOSPageCount        2
    DOSPageInterval     1
    # Refuse a client that requests more than 50 pages on the site in 1 second
    DOSSiteCount        50
    DOSSiteInterval     1
    # Keep refusing (HTTP 403) for 60 seconds; each refused request restarts the timer
    DOSBlockingPeriod   60
    # Address notified once per offending IP (the list archive masked "@" as " at ")
    DOSEmailNotify      example@example.com
</IfModule>
Have also read that mod_evasive uses iptables, but ipfw is being used. Again, I'm not sure if this is the issue?
Also noticed a trend of sudo privileges being given to Apache in some of the examples found online (particularly when using mod_evasive's DOSSystemCommand). I don't intend to give Apache sudo privileges, but have tried adding deny directives to ipfw using DOSSystemCommand with sudo privileges:
DOSSystemCommand "sudo ipfw add 00010 deny ip from %s to any"
This also didn't end well. Any help appreciated, thanks.
Kind regards,
Will Squire
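As an added illustration (not part of the original post, and not mod_evasive's own source), the following Python model plays the poster's thresholds against a constructed request log to show when mod_evasive decides to refuse an address. It follows the documented meaning of the directives rather than being a line-for-line port of mod_evasive20.c: a client is refused with HTTP 403 once it requests the same URI more than DOSPageCount times within DOSPageInterval seconds, or more than DOSSiteCount URIs within DOSSiteInterval seconds, and it stays refused for DOSBlockingPeriod seconds, with every refused request restarting that timer. The dos-<ip> file in DOSLogDir (/tmp by default) is created the first time an address is refused; the email and DOSSystemCommand fire only at that moment, and mod_evasive never removes the file, so later episodes for the same address are refused silently until it is deleted. The module itself never talks to iptables or ipfw: any firewall action comes solely from DOSSystemCommand, which runs with the httpd worker's privileges. Counters are kept per httpd process, so the model corresponds to a single process. The "time ip uri" log lines and the ipfw command string (recorded by the model, never executed) are constructed for the example.

```python
"""Model of mod_evasive's throttling, blocking and one-shot notification.

Added example: not code from the original post and not mod_evasive's own
source.  It follows the documented meaning of the DOS* directives; the
request lines in demo() are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

HTTP_OK, HTTP_FORBIDDEN = 200, 403


@dataclass
class EvasiveConfig:
    page_count: int = 2        # DOSPageCount
    page_interval: int = 1     # DOSPageInterval (seconds)
    site_count: int = 50       # DOSSiteCount
    site_interval: int = 1     # DOSSiteInterval (seconds)
    blocking_period: int = 60  # DOSBlockingPeriod (seconds)
    system_command: Optional[str] = None  # DOSSystemCommand, %s = client IP


@dataclass
class Evasive:
    cfg: EvasiveConfig
    # (ip, uri) -> (time of last counted hit, hits inside the interval)
    page_hits: Dict[Tuple[str, str], Tuple[float, int]] = field(default_factory=dict)
    # ip -> (time of last counted hit, hits inside the interval)
    site_hits: Dict[str, Tuple[float, int]] = field(default_factory=dict)
    # ip -> time of the last refused request (hold ends blocking_period later)
    blocked: Dict[str, float] = field(default_factory=dict)
    # stands in for the dos-<ip> files left in DOSLogDir (never cleaned up)
    lockfiles: Set[str] = field(default_factory=set)
    # commands that would have been passed to system(); recorded, never run
    commands: List[str] = field(default_factory=list)

    @staticmethod
    def _over_limit(table, key, now, interval, limit) -> bool:
        """Count one hit; True if the count already reached `limit` inside `interval`."""
        last, n = table.get(key, (None, 0))
        if last is not None and now - last < interval:
            if n >= limit:
                return True        # refused hits are not counted further
            n += 1
        else:
            n = 1                  # interval elapsed: start a fresh count
        table[key] = (now, n)
        return False

    def handle(self, ip: str, uri: str, now: float) -> int:
        c = self.cfg
        # Already on hold: refuse, and push the hold out again.
        if ip in self.blocked and now - self.blocked[ip] < c.blocking_period:
            self.blocked[ip] = now
            return HTTP_FORBIDDEN
        page_over = self._over_limit(self.page_hits, (ip, uri), now,
                                     c.page_interval, c.page_count)
        site_over = self._over_limit(self.site_hits, ip, now,
                                     c.site_interval, c.site_count)
        if not (page_over or site_over):
            return HTTP_OK
        self.blocked[ip] = now
        # Email/DOSSystemCommand fire only when dos-<ip> is first created;
        # while the file exists, later blocks of the same address are silent.
        if ip not in self.lockfiles:
            self.lockfiles.add(ip)
            if c.system_command:
                self.commands.append(c.system_command.replace("%s", ip))
        return HTTP_FORBIDDEN


def run_log(ev: Evasive, lines: List[str]) -> List[int]:
    """Feed 'time ip uri' lines through the model; return one status per request."""
    statuses = []
    for line in lines:
        ts, ip, uri = line.split()
        statuses.append(ev.handle(ip, uri, float(ts)))
    return statuses


def demo() -> dict:
    """Run the poster's thresholds over a constructed request log."""
    cfg = EvasiveConfig(system_command="sudo ipfw add 00010 deny ip from %s to any")
    ev = Evasive(cfg)
    sample = [                            # constructed, times in seconds
        "0.0 192.0.2.10 /index.html",
        "0.2 192.0.2.10 /index.html",
        "0.4 192.0.2.10 /index.html",     # 3rd hit on one page in <1 s: 403, dos-192.0.2.10 created
        "0.5 192.0.2.20 /a.html",
        "0.6 192.0.2.20 /b.html",         # distinct pages, far under DOSSiteCount: fine
        "30.0 192.0.2.10 /about.html",    # still on hold: 403, hold now runs to t=90
        "89.0 192.0.2.10 /about.html",    # still on hold: 403, hold now runs to t=149
        "150.0 192.0.2.10 /about.html",   # hold expired, counters reset: 200
        "200.0 192.0.2.10 /index.html",
        "200.1 192.0.2.10 /index.html",
        "200.2 192.0.2.10 /index.html",   # blocked again, but no second command: file exists
    ]
    return {"statuses": run_log(ev, sample),
            "commands": ev.commands,
            "lockfiles": sorted(ev.lockfiles)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Running the script shows the third hit on one page within a second is the first 403, that the hold is extended by every refused request, and that the ipfw command string is produced exactly once for 192.0.2.10 even though the address is blocked twice.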