diff options
author | Menno E. Duursma <druiloor@zonnet.nl> | 2010-05-11 22:54:55 +0200 |
---|---|---|
committer | Erik Hanson <erik@slackbuilds.org> | 2010-05-11 22:54:55 +0200 |
commit | 4559304ed9b8d0b39a57ce7a9154b09db8bfc222 (patch) | |
tree | 91c569c85fc9ba9fad53f54479be03bd1674ebca /network/mod_evasive/README | |
parent | ea78ddeb3707c2cf2e12687ca2b9b527fc654367 (diff) | |
download | slackbuilds-4559304ed9b8d0b39a57ce7a9154b09db8bfc222.tar.gz |
network/mod_evasive: Added to 12.1 repository
Diffstat (limited to 'network/mod_evasive/README')
-rw-r--r-- | network/mod_evasive/README | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/network/mod_evasive/README b/network/mod_evasive/README new file mode 100644 index 0000000000..5cebd45147 --- /dev/null +++ b/network/mod_evasive/README @@ -0,0 +1,39 @@ +mod_evasive maneuvers module for Apache to provide evasive action in the event +of an HTTP DoS or DDoS attack or brute force attack. It is also designed +to be a detection and network management tool, and can be easily configured +to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently +reports abuses via email and syslog facilities. + +Detection is performed by creating an internal dynamic hash table of IP +Addresses and URIs, and denying any single IP address from any of the +following: + + + * Requesting the same page more than a few times per second + * Making more than 50 concurrent requests on the same child per second + * Making any requests while temporarily blacklisted (on a blocking list) + + +To enable it edit /etc/httpd/httpd.conf to have like the following: + +LoadModule evasive20_module lib/httpd/modules/mod_evasive20.so + +<IfModule mod_evasive20.c> + DOSHashTableSize 3097 + DOSPageCount 2 + DOSSiteCount 50 + DOSPageInterval 1 + DOSSiteInterval 1 + DOSBlockingPeriod 10 +</IfModule> + + +To test enter the following command: + + perl /usr/doc/mod_evasive-$VERSION/test.pl | more + +Which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden + +mod_evasive is fully tweakable through the Apache configuration file, see +the READE file in /usr/doc/mod_evasive-$VERSION for configuration details. + |