Diffstat (limited to 'network/mod_evasive/README')
-rw-r--r-- network/mod_evasive/README 39
1 files changed, 39 insertions, 0 deletions
diff --git a/network/mod_evasive/README b/network/mod_evasive/README
new file mode 100644
index 0000000000..5cebd45147
--- /dev/null
+++ b/network/mod_evasive/README
@@ -0,0 +1,39 @@
+mod_evasive maneuvers module for Apache to provide evasive action in the event
+of an HTTP DoS or DDoS attack or brute force attack. It is also designed
+to be a detection and network management tool, and can be easily configured
+to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently
+reports abuses via email and syslog facilities.
+
+Detection is performed by creating an internal dynamic hash table of IP
+Addresses and URIs, and denying any single IP address from any of the
+following:
+
+
+ * Requesting the same page more than a few times per second
+ * Making more than 50 concurrent requests on the same child per second
+ * Making any requests while temporarily blacklisted (on a blocking list)
+
+
+To enable it edit /etc/httpd/httpd.conf to have like the following:
+
+LoadModule evasive20_module lib/httpd/modules/mod_evasive20.so
+
+<IfModule mod_evasive20.c>
+ DOSHashTableSize 3097
+ DOSPageCount 2
+ DOSSiteCount 50
+ DOSPageInterval 1
+ DOSSiteInterval 1
+ DOSBlockingPeriod 10
+</IfModule>
+
+
+To test enter the following command:
+
+ perl /usr/doc/mod_evasive-$VERSION/test.pl | more
+
+Which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden
+
+mod_evasive is fully tweakable through the Apache configuration file, see
+the READE file in /usr/doc/mod_evasive-$VERSION for configuration details.
+
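Review bot: two wording defects in the added text should be fixed before merge. The closing paragraph refers to "the READE file" (should be "README"), and the opening sentence "mod_evasive maneuvers module for Apache to provide evasive action" is missing words, probably "mod_evasive is an evasive maneuvers module for Apache". "To enable it edit /etc/httpd/httpd.conf to have like the following" would read better as "add lines like the following to /etc/httpd/httpd.conf". On the configuration, the first bullet says "more than a few times per second" while the sample sets DOSPageCount 2 with DOSPageInterval 1, alongside DOSBlockingPeriod 10. A sentence stating that these are starting values to tune per site, and that the counts apply per child as the second bullet implies, would help an admin judge false positives against legitimate clients. The text also says abuses are reported via email and syslog, but the sample block sets nothing for notification, so pointing at where that is configured would make the claim actionable. Finally, the LoadModule path is hardcoded to lib/httpd/modules; if the package can install the module under a different libdir, the README should say so.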