summaryrefslogtreecommitdiff
path: root/network/mod_evasive
diff options
context:
space:
mode:
Diffstat (limited to 'network/mod_evasive')
-rw-r--r--network/mod_evasive/README39
-rw-r--r--network/mod_evasive/mod_evasive.SlackBuild65
-rw-r--r--network/mod_evasive/mod_evasive.info8
-rw-r--r--network/mod_evasive/slack-desc19
4 files changed, 131 insertions, 0 deletions
diff --git a/network/mod_evasive/README b/network/mod_evasive/README
new file mode 100644
index 0000000000..5cebd45147
--- /dev/null
+++ b/network/mod_evasive/README
@@ -0,0 +1,39 @@
+mod_evasive maneuvers module for Apache to provide evasive action in the event
+of an HTTP DoS or DDoS attack or brute force attack. It is also designed
+to be a detection and network management tool, and can be easily configured
+to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently
+reports abuses via email and syslog facilities.
+
+Detection is performed by creating an internal dynamic hash table of IP
+Addresses and URIs, and denying any single IP address from any of the
+following:
+
+
+ * Requesting the same page more than a few times per second
+ * Making more than 50 concurrent requests on the same child per second
+ * Making any requests while temporarily blacklisted (on a blocking list)
+
+
+To enable it edit /etc/httpd/httpd.conf to have like the following:
+
+LoadModule evasive20_module lib/httpd/modules/mod_evasive20.so
+
+<IfModule mod_evasive20.c>
+ DOSHashTableSize 3097
+ DOSPageCount 2
+ DOSSiteCount 50
+ DOSPageInterval 1
+ DOSSiteInterval 1
+ DOSBlockingPeriod 10
+</IfModule>
+
+
+To test enter the following command:
+
+ perl /usr/doc/mod_evasive-$VERSION/test.pl | more
+
+Which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden
+
+mod_evasive is fully tweakable through the Apache configuration file, see
+the READE file in /usr/doc/mod_evasive-$VERSION for configuration details.
+
diff --git a/network/mod_evasive/mod_evasive.SlackBuild b/network/mod_evasive/mod_evasive.SlackBuild
new file mode 100644
index 0000000000..607e2e5e58
--- /dev/null
+++ b/network/mod_evasive/mod_evasive.SlackBuild
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# Slackware build script for mod_evasive (an Apache DoS protection module)
+
+# Written by Menno E. Duursma
+
+# This program is free software. It comes without any warranty.
+# Granted WTFPL, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.
+
+# Modified by SlackBuilds.org
+
+PRGNAM=mod_evasive
+VERSION=1.10.1
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+CWD=`pwd`
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+fi
+
+set -e # exit on most errors
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM
+tar -xzvf $CWD/${PRGNAM}_${VERSION}.tar.gz
+cd $PRGNAM
+chown -R root:root .
+chmod -R a-s,u+w,go+r-w .
+
+# Create target dir
+mkdir -p $PKG/usr/lib/httpd/modules
+
+# Compile module as DSO (dynmically shared object)
+CFLAGS="$SLACKFLAGS" \
+apxs -ca mod_evasive20.c
+
+# copy into place
+cp -v .libs/mod_evasive20.so $PKG/usr/lib/httpd/modules
+
+( cd $PKG || exit 1
+ find . -type f | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a CHANGELOG LICENSE README test.pl $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+find $PKG/usr/doc -type f -exec chmod 0644 {} \;
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
diff --git a/network/mod_evasive/mod_evasive.info b/network/mod_evasive/mod_evasive.info
new file mode 100644
index 0000000000..f8e629f3e8
--- /dev/null
+++ b/network/mod_evasive/mod_evasive.info
@@ -0,0 +1,8 @@
+PRGNAM="mod_evasive"
+VERSION="1.10.1"
+HOMEPAGE="http://www.zdziarski.com/projects/mod_evasive/"
+DOWNLOAD="http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz"
+MD5SUM="784fca4a124f25ccff5b48c7a69a65e5"
+MAINTAINER="Menno E. Duursma"
+EMAIL="druiloor@zonnet.nl"
+APPROVED="Erik Hanson"
diff --git a/network/mod_evasive/slack-desc b/network/mod_evasive/slack-desc
new file mode 100644
index 0000000000..054e67d7be
--- /dev/null
+++ b/network/mod_evasive/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+mod_evasive: mod_evasive (an Apache anti-DoS module)
+mod_evasive:
+mod_evasive: mod_evasive is an evasive maneuvers module for Apache to
+mod_evasive: provide evasive action in the event of an HTTP DoS or DDoS
+mod_evasive: attack or brute force attack.
+mod_evasive:
+mod_evasive: mod_evasive is maintained by Jonathan A. Zdziarski.
+mod_evasive:
+mod_evasive:
+mod_evasive:
+mod_evasive: