Date: Fri, 27 May 2016 20:07:01 +0100
From: Will Squire <will_squire@hotmail.co.uk>
To: freebsd-apache@freebsd.org
Subject: mod_evasive is not blocking IPs causing DoS, but is logging them
Message-ID: <BLU436-SMTP14799452DD04657F68E8503DA420@phx.gbl>
Hi all - my first time mailing here, here goes...
mod_evasive is not blocking IPs that are causing DoS, but it is logging the IPs in the /tmp directory. The files it generates to this directory are named dos-XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX being the IP).
Have read that mod_evasive does not work well with the mpm_prefork_module because it uses processes over threads. This is not being used, but mpm_event_module is (not mpm_worker_module). Not sure if this is the problem?
Here is the content of the mod_evasive config file created at /usr/local/etc/apache24/Includes/mod_evasive.conf:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSPageInterval 1
DOSSiteCount 50
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify example@example.com
</IfModule>
Have also read that mod_evasive uses iptables, but ipfw is being used. Again, I'm not sure if this is the issue?
Also noticed a trend of sudo privileges being given to Apache in some of the examples found online (particularly when using mod_evasive's DOSSystemCommand). I don't intend to give Apache sudo privileges, but have tried adding deny directives to ipfw using DOSSystemCommand with sudo privileges:
DOSSystemCommand "sudo ipfw add 00010 deny ip from %s to any"
This also didn't end well. Any help appreciated, thanks.
Kind regards,
Will Squire
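
The sudo concern raised in the message above, as an added example that is not part of the original e-mail: a wrapper that DOSSystemCommand could call instead of `sudo ipfw` directly, so the sudo grant covers one script and the `%s` value is checked before it reaches ipfw. The script path, the `www` account in the sudoers comment and the function names are assumptions of this example; the rule number and rule text are the ones from the message.

```sh
#!/bin/sh
# Hypothetical wrapper, assumed to be installed as /usr/local/sbin/evasive-block.
# Assumed sudoers entry limiting the Apache user (assumed to be "www") to this script:
#   www ALL=(root) NOPASSWD: /usr/local/sbin/evasive-block
# Assumed Apache directive (mod_evasive replaces %s with the client address):
#   DOSSystemCommand "sudo /usr/local/sbin/evasive-block %s"

RULE_NUM=00010   # rule number used in the message above

# Return 0 only for a strict dotted-quad IPv4 address, 1 for anything else.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, other characters, stray dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ipfw arguments for a validated address; fail without output otherwise.
deny_rule() {
    is_ipv4 "$1" || return 1
    printf 'add %s deny ip from %s to any\n' "$RULE_NUM" "$1"
}

# Act only when called with exactly one argument, as DOSSystemCommand would call it.
if [ "$#" -eq 1 ]; then
    if rule=$(deny_rule "$1"); then
        # Word splitting of $rule is intended: it contains only validated tokens.
        exec /sbin/ipfw -q $rule
    else
        logger -t evasive-block "rejected argument from DOSSystemCommand"
        exit 64
    fi
fi
```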
