summaryrefslogtreecommitdiff
path: root/network/mod_evasive/README
diff options
context:
space:
mode:
authorMenno E. Duursma <druiloor@zonnet.nl>2010-05-11 22:54:55 +0200
committerErik Hanson <erik@slackbuilds.org>2010-05-11 22:54:55 +0200
commit4559304ed9b8d0b39a57ce7a9154b09db8bfc222 (patch)
tree91c569c85fc9ba9fad53f54479be03bd1674ebca /network/mod_evasive/README
parentea78ddeb3707c2cf2e12687ca2b9b527fc654367 (diff)
downloadslackbuilds-4559304ed9b8d0b39a57ce7a9154b09db8bfc222.tar.gz
network/mod_evasive: Added to 12.1 repository
Diffstat (limited to 'network/mod_evasive/README')
-rw-r--r--network/mod_evasive/README39
1 files changed, 39 insertions, 0 deletions
diff --git a/network/mod_evasive/README b/network/mod_evasive/README
new file mode 100644
index 0000000000..5cebd45147
--- /dev/null
+++ b/network/mod_evasive/README
@@ -0,0 +1,39 @@
+mod_evasive maneuvers module for Apache to provide evasive action in the event
+of an HTTP DoS or DDoS attack or brute force attack. It is also designed
+to be a detection and network management tool, and can be easily configured
+to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently
+reports abuses via email and syslog facilities.
+
+Detection is performed by creating an internal dynamic hash table of IP
+Addresses and URIs, and denying any single IP address from any of the
+following:
+
+
+ * Requesting the same page more than a few times per second
+ * Making more than 50 concurrent requests on the same child per second
+ * Making any requests while temporarily blacklisted (on a blocking list)
+
+
+To enable it edit /etc/httpd/httpd.conf to have like the following:
+
+LoadModule evasive20_module lib/httpd/modules/mod_evasive20.so
+
+<IfModule mod_evasive20.c>
+ DOSHashTableSize 3097
+ DOSPageCount 2
+ DOSSiteCount 50
+ DOSPageInterval 1
+ DOSSiteInterval 1
+ DOSBlockingPeriod 10
+</IfModule>
+
+
+To test enter the following command:
+
+ perl /usr/doc/mod_evasive-$VERSION/test.pl | more
+
+Which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden
+
+mod_evasive is fully tweakable through the Apache configuration file, see
+the READE file in /usr/doc/mod_evasive-$VERSION for configuration details.
+