Date: Sat, 27 Jun 2020 08:49:26 +0000 (UTC) From: Li-Wen Hsu <lwhsu@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r540569 - in head/www/mod_evasive: . files Message-ID: <202006270849.05R8nQHS060902@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: lwhsu Date: Sat Jun 27 08:49:26 2020 New Revision: 540569 URL: https://svnweb.freebsd.org/changeset/ports/540569 Log: www/mod_evasive: fix HTTP request in test.pl Also some cleanups from swills and me. PR: 237817 Submitted by: HATANO Tomomi <hatanou@infolab.ne.jp> Approved by: kiwi@oav.net (maintainer) Added: head/www/mod_evasive/files/ head/www/mod_evasive/files/patch-test.pl (contents, props changed) Modified: head/www/mod_evasive/Makefile head/www/mod_evasive/pkg-descr Modified: head/www/mod_evasive/Makefile ============================================================================== --- head/www/mod_evasive/Makefile Sat Jun 27 08:33:27 2020 (r540568) +++ head/www/mod_evasive/Makefile Sat Jun 27 08:49:26 2020 (r540569) @@ -3,7 +3,7 @@ PORTNAME= mod_evasive PORTVERSION= 1.10.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www security DISTNAME= mod_evasive_${PORTVERSION} DIST_SUBDIR= apache2 @@ -11,14 +11,15 @@ DIST_SUBDIR= apache2 MAINTAINER= kiwi@oav.net COMMENT= Apache module to try to protect the HTTP Server from DoS/DDoS attacks -USE_GITHUB= yes -GH_ACCOUNT= jzdziarski -GH_TAGNAME= ad6e89f6c7d835945a7d329cc0f04adaefc3d114 - LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE USES= apache:2.2+ + +USE_GITHUB= yes +GH_ACCOUNT= jzdziarski +GH_TAGNAME= ad6e89f6c7d835945a7d329cc0f04adaefc3d114 + AP_FAST_BUILD= yes AP_GENPLIST= yes MODULENAME= ${PORTNAME}20 Added: head/www/mod_evasive/files/patch-test.pl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/www/mod_evasive/files/patch-test.pl Sat Jun 27 08:49:26 2020 (r540569) @@ -0,0 +1,11 @@ +--- test.pl.orig 2017-02-22 02:33:36 UTC ++++ test.pl +@@ -10,7 +10,7 @@ for(0..100) { + my($SOCKET) = new IO::Socket::INET( Proto => "tcp", + PeerAddr=> "127.0.0.1:80"); + if (! defined $SOCKET) { die $!; } +- print $SOCKET "GET /?$_ HTTP/1.0\n\n"; ++ print $SOCKET "GET /?$_ HTTP/1.0\r\n\r\n"; + $response = <$SOCKET>; + print $response; + close($SOCKET); Modified: head/www/mod_evasive/pkg-descr ============================================================================== --- head/www/mod_evasive/pkg-descr Sat Jun 27 08:33:27 2020 (r540568) +++ head/www/mod_evasive/pkg-descr Sat Jun 27 08:49:26 2020 (r540569) @@ -1,30 +1,7 @@ mod_dosevasive is an evasive maneuvers module for Apache to provide evasive -action in the event of an HTTP DoS or DDoS attack or brute force attack. -It is also designed to be a detection and network management tool, and can be -easily configured to talk to ipchains, firewalls, routers, and etcetera. +action in the event of an HTTP DoS or DDoS attack or brute force attack. It is +also designed to be a detection and network management tool, and can be easily +configured to talk to ipchains, firewalls, routers, and etcetera. mod_dosevasive presently reports abuses via email and syslog facilities. - -Detection is performed by creating an internal dynamic hash table of IP -Addresses and URIs, and denying any single IP address from any of the -following: - - * Requesting the same page more than a few times per second - * Making more than 50 concurrent requests on the same child per second - * Making any requests while temporarily blacklisted (on a blocking list) - -This method has worked well in both single-server script attacks as well as -distributed attacks, but just like other evasive tools, is only as useful to -the point of bandwidth and processor consumption (e.g. the amount of bandwidth -and processor required to receive/process/respond to invalid requests), which -is why it's a good idea to integrate this with your firewalls and routers for -maximum protection. - -This module instantiates for each listener individually, and therefore has a -built-in cleanup mechanism and scaling capabilities. Because of this per-child -design, legitimate requests are never compromised (even from proxies and NAT -addresses) but only scripted attacks. Even a user repeatedly clicking on -'reload' should not be affected unless they do it maliciously. mod_dosevasive -is fully tweakable through the Apache configuration file, easy to incorporate -into your web server, and easy to use. WWW: https://github.com/jzdziarski/mod_evasive
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202006270849.05R8nQHS060902>