logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod_dosevasive for apache 2.2 Page Previous  1, 2
Author
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA

PostPosted: Wed 28 May '08 2:24    Post subject: Reply with quote

re: "tdonovan, can you please share your compiled for 2.2.8 version of dosevasive?"This build is completely untested (I don't use it), so please test it carefully!
It would be helpful if you could post your testing results here for anyone else who might want to use it.

re: "I tryed to use old dosevasive for apache 2.2.4-6, but it`s a bit laggy."
    This is pretty much the exact same code, just compiled with VC8 - so I'm not sure it will be a lot different.
    Do you mean it was slow, or was something else wrong with the 2.2.4 version?
-tom-
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Wed 28 May '08 22:49    Post subject: Reply with quote

My findings with this module (VC6) with what little time I tested it was:

I hammered three consecutive requests and I get a 403 on third, and continue getting 403 till I give it 10 seconds rest ... seems like that is exactly what it claims to do so it seems to work. One would have to disable it before running ab.exe on it, that is for sure. In my opinion it seems to not go far enough however, I think one would want it to deny access and simply drop connection with no response after so many hits over the first 3, sending back large amounts of 403 responses I think could still drown someones outbound connection, especially those of us who do not have 1Mb+ outbound bandwidth.

I am curious why logging to mod_dosevasive was disabled. One logging node however it seems was kept and output sent to /tmp, then it seems never used again.

Tom, thanks for the compile instructions.
Steffen, thanks for porting it.
Back to top
grag



Joined: 29 Jan 2010
Posts: 2

PostPosted: Fri 29 Jan '10 15:51    Post subject: Reply with quote

Hi guys!
Can you help me to compiled mod_dosevasive2.2 for apache 2.2.14?
so or dll was a great-full
thanks
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Tue 02 Feb '10 3:00    Post subject: Reply with quote

why not just use the one in Tom's post. The file is still there behind the link.
Back to top
grag



Joined: 29 Jan 2010
Posts: 2

PostPosted: Tue 02 Feb '10 13:08    Post subject: Reply with quote

glsmith, because this version haven't stable work with apache 2.2.14.
I'm don't know 'why'?
I've a stable work with compile .dll version above apache 2.2.6, but i'm need 2.2.14 version to use
Back to top
Jura



Joined: 08 Jun 2006
Posts: 12

PostPosted: Tue 09 Mar '10 11:38    Post subject: Reply with quote

It works fine for me under 2.2.14 version...
Back to top
uberduck



Joined: 16 Oct 2010
Posts: 1

PostPosted: Sat 16 Oct '10 19:32    Post subject: Reply with quote

Jura wrote:
It works fine for me under 2.2.14 version...

Would you mind telling me the procedures you have taken to install this mod?

I've tried copying the .so and .c file into apache module folder, and adding the LoadModule and IfModule directives, the apache starts up fine, but I no 403 were shown even when I was refreshing the page like crazy!

BTW I am seeing a bunch of logs in the error.log, saying an ip has been denied by server configuration (Possible DOS Attack) but i have no idea if it's restricted by mod_security or mod_evasive Crying or Very sad
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sat 16 Oct '10 21:34    Post subject: Reply with quote

Code:
    /* END DoS Evasive Maneuvers Code */

    if (ret == HTTP_FORBIDDEN
   && (ap_satisfies(r) != SATISFY_ANY || !ap_some_auth_required(r))) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
            "client denied by server configuration: %s (Possible DOS Attack)",
            r->filename);
    }


I'd say that is mod_dosevasive making the noise as shown in the code above, taken from the source.

That your browser is still showing you something is strange, unless it is pulling up a copy from it's cache. However, if it is maybe graphics on the page that are 403ing, you may still see most of the page but certain graphics may be missing.

I won't use this module, a million 403 returns from the server to a million bogus requests DDOSing me is still going to clog the pipe, so why bother, ride it out or change IPs which for me is rather easy. If it's just a few sources trying to DDOS me, I kill them at the firewall.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sat 16 Oct '10 22:05    Post subject: Reply with quote

Oh, but to answer your actual question, I guess I can't since I cannot find my config from way back when, took me forever to find but I did find this which explains the config options.

INSTALL

Copy mod_dosevasive.so to your Apache 2.2.x modules folder
.../apache22/modules/mod_dosevasive.so

# Add to your httpd.conf:

LoadModule dosevasive22_module modules/mod_dosevasive22.so

EXAMPLE CONFIGURATION:

This section is intended for people that want to modify some of the default settings. There is no requirement to do this. The below example is using the default settings built into the module.

<IfModule dosevasive22_module>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

The following is a description of all the settings/variables:

DOSHashTableSize
Size of the hash table. The greater this setting, the more memory is required for the look up table, but also the faster the look ups are processed. This option will automatically round up to the nearest prime number.

DOSPageCount
Number of requests for the same page within the 'DOSPageInterval' interval that will get an IP address added to the blocking list.

DOSSiteCount
Same as 'DOSPageCount', but corresponds to the number of requests for a given site, and uses the 'DOSSiteInterval' interval.

DOSPageInterval
Interval for the 'DOSPageCount' threshold in second intervals.

DOSSiteInterval
Interval for the 'DOSSiteCount' threshold in second intervals.

DOSBlockingPeriod
Blocking period in seconds if any of the thresholds are met. The user will recieve a 403 (Forbidden) when blocked, and the timer will be reset each time the site gets hit when the user is still blocked.

Have fun!
Back to top
Schnielz



Joined: 21 Nov 2010
Posts: 1

PostPosted: Sun 21 Nov '10 16:12    Post subject: Reply with quote

You guys made my day!
Back to top
powergo



Joined: 04 Jan 2011
Posts: 1

PostPosted: Tue 04 Jan '11 20:01    Post subject: Reply with quote

easy to install it here
http://www.web4host.net/forum/viewtopic.php?f=2&t=1
Back to top
prophet.six



Joined: 27 May 2011
Posts: 1

PostPosted: Fri 27 May '11 22:21    Post subject: mod_dosevasive22 & Apache 2.2.19 Reply with quote

Using the compiled module from tdonovan in this post, I was able to setup mod_dosevasive22 on my new installation of Apache 2.2.19 runing on an XP box and it works without any problems.

This seems like a decent tool for brute force password protection but not so much for DoS attacks, unless the 403 response is less burdensome on the server which it very well may be.

New user and first time poster here, I'm happy to have found this site as it is a treasure trove of information. Good work.
Back to top
ZoHaN



Joined: 11 Dec 2011
Posts: 1
Location: ROMANIA

PostPosted: Sun 11 Dec '11 4:26    Post subject: Reply with quote

i have try to use this but is not working so well for me i have W2003 server , and i have wat i have read to be a Ddos Atack 5200 TCP connects /s flood my website and because of it is down

please advice i have Apache 2.2 from Xampp , and from this attack i have my CPU load 100% , and even my firewall cant take the load of bloking all the conections becasue then he will load the CPU 100% so i need somting that will deny acces i was full of hope wen i read of this mod_evasive , but i have seen only linux part i need for Win2003 serv
Back to top


Reply to topic   Topic: mod_dosevasive for apache 2.2 View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules Page Previous  1, 2