logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: Mod_antiloris for 2.4
Author
bagu



Joined: 06 Jan 2011
Posts: 193
Location: France

PostPosted: Sun 19 Feb '12 14:54    Post subject: Mod_antiloris for 2.4 Reply with quote

Hello,

is it possible to compile mod_antiloris for apache 2.4 ?
Thanks
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Sun 19 Feb '12 15:28    Post subject: Reply with quote

Yep, can you test it ?

Download is Removed, see the note below from Gregg:
Come to think of it, in reality, mod_reqtimeout is a better module to use. It's not such a hard limit. I use it along with mod_antiloris 0.4.1. mod_reqtimeout is more giving, in there if data is flowing, it will not timeout. It's adjustable and works on both sides of the request, thereby defending against Antiloris as well as SlowHttp attacks......

Steffen


Last edited by admin on Fri 24 Feb '12 12:39; edited 3 times in total
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3093
Location: Hilversum, NL, EU

PostPosted: Sun 19 Feb '12 16:59    Post subject: Reply with quote

It crashes here.

Steffen
Back to top
bagu



Joined: 06 Jan 2011
Posts: 193
Location: France

PostPosted: Sun 19 Feb '12 23:04    Post subject: Reply with quote

Crash here too
Back to top
NewEraCracker



Joined: 23 Aug 2010
Posts: 36

PostPosted: Mon 20 Feb '12 0:51    Post subject: Reply with quote

I don't know how steffen did build it. I am using apxs and visual studio 9 here.

While apxs over visual studio cmd line, building mod_antiloris.c from source does fail.

I've edited the file build\config_vars.mk (line 74) to include the apache lib files in link options.

Code:
LDFLAGS = kernel32.lib "C:\Apache24\lib\*.lib" /nologo /subsystem:windows /dll /machine:I386 /libpath:"C:\Apache24\lib"


Aparently it seems the issue is with the code, apache 2.4 seems to have some minor breakage:

Code:
C:\Apache24\bin>apxs -cia ../build/mod_antiloris.c
Use of assignment to $[ is deprecated at apxs.bat line 120.
cl  /nologo /MD /W3 /O2 /D WIN32 /D _WINDOWS /D NDEBUG    -I"C:\Apache24\include
"  /c /Fo../build/mod_antiloris.lo ../build/mod_antiloris.c
mod_antiloris.c
../build/mod_antiloris.c(130) : error C2039: 'remote_ip' : is not a member of 'c
onn_rec'
        c:\apache24\include\httpd.h(1056) : see declaration of 'conn_rec'
../build/mod_antiloris.c(130) : warning C4047: 'function' : 'const char *' diffe
rs in levels of indirection from 'unsigned int'
../build/mod_antiloris.c(130) : warning C4024: 'apr_cpystrn' : different types f
or formal and actual parameter 2
../build/mod_antiloris.c(130) : error C2198: 'apr_cpystrn' : too few arguments f
or call
../build/mod_antiloris.c(137) : warning C4047: 'function' : 'ap_sb_handle_t *' d
iffers in levels of indirection from 'int'
../build/mod_antiloris.c(137) : warning C4024: 'ap_get_scoreboard_worker' : diff
erent types for formal and actual parameter 1
../build/mod_antiloris.c(137) : warning C4020: 'ap_get_scoreboard_worker' : too
many actual parameters
../build/mod_antiloris.c(156) : error C2039: 'remote_ip' : is not a member of 'c
onn_rec'
        c:\apache24\include\httpd.h(1056) : see declaration of 'conn_rec'
apxs:Error: Command failed with rc=131072
.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 20 Feb '12 3:13    Post subject: Reply with quote

I've got 0.4(.1) now at Apache Haus, we have been supplying it with our 2.3.x betas since we started distributing them back at 2.3.5.

I will have NewEra's 0.5(.1) up shortly, I just compiled the x64 one. I'm still not convinced about some of the targets in 0.5 but, why fight it Smile

And yes, In my view they went out of their way to break just about every 3rd party module out there.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 20 Feb '12 4:06    Post subject: Reply with quote

Come to think of it, in reality, mod_reqtimeout is a better module to use. It's not such a hard limit. I use it along with mod_antiloris 0.4.1. mod_reqtimeout is more giving, in there if data is flowing, it will not timeout. It's adjustable and works on both sides of the request, thereby defending against Antiloris as well as SlowHttp attacks.

I have found this to be a happy setting for it:

<IfModule reqtimeout_module>
RequestReadTimeout header=10-25,MinRate=250
</IfModule>

I only change the header timeout from the modules default setting as I am more concerned about a quicker early response on that side of the request, yet I have lowered the bar for getting more time. None the less, at 25 seconds, the request times out. In an actual Antiloris attack, it would time out at 10 seconds.

http://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html
Back to top
NewEraCracker



Joined: 23 Aug 2010
Posts: 36

PostPosted: Mon 20 Feb '12 12:47    Post subject: Reply with quote

For the slowloris attack mod_reqtimeout comes handy, but the build I've made of mod_antiloris (the 0.5) has protection against other attacks such as slowpost DoS.

In my server I run mod_reqtimeout and mod_antiloris with the following configuration:

Code:
<IfModule antiloris_module>
    IPReadLimit 20
</IfModule>

<IfModule reqtimeout_module>
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>


Both come handy.

By the way, glsmith, can you please also include the source code in the download archive? I'd like to learn about the changes to make the module compatible with apache 2.4.

Thank you.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 20 Feb '12 19:25    Post subject: Reply with quote

I'll repackage in a day or two and include the diff.


Code:

--- mod_antiloris.c    2011-09-09 05:22:39.747070300 -0700
+++ mod_antiloris.c    2012-02-19 12:10:55.349000000 -0800
@@ -22,11 +22,16 @@
 #include "http_connection.h"
 #include "http_log.h"
 #include "ap_mpm.h"
+#include "ap_release.h"
 #include "apr_strings.h"
 #include "scoreboard.h"
 
 #define MODULE_NAME "mod_antiloris"
-#define MODULE_VERSION "0.5"
+#define MODULE_VERSION "0.5.1"
+
+#ifdef APLOG_USE_MODULE
+APLOG_USE_MODULE(antiloris);
+#endif
 
 module AP_MODULE_DECLARE_DATA antiloris_module;
 
@@ -105,6 +110,7 @@
    ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, MODULE_NAME " " MODULE_VERSION " started");
    ap_mpm_query(AP_MPMQ_HARD_LIMIT_THREADS, &thread_limit);
    ap_mpm_query(AP_MPMQ_HARD_LIMIT_DAEMONS, &server_limit);
+  ap_add_version_component(p, MODULE_NAME "/" MODULE_VERSION);
    return OK;
 }
 
@@ -127,14 +133,18 @@
    worker_score *ws_record;
 
    ws_record = &ap_scoreboard_image->servers[sbh->child_num][sbh->thread_num];
-   apr_cpystrn(ws_record->client, c->remote_ip, sizeof(ws_record->client));
+   apr_cpystrn(ws_record->client, c->client_ip, sizeof(ws_record->client));
 
    client_ip = ws_record->client;
 
    /* Count up the number of connections we are handling right now from this IP address */
    for (i = 0; i < server_limit; ++i) {
    for (j = 0; j < thread_limit; ++j) {
+#if AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER > 2
+        ws_record = ap_get_scoreboard_worker_from_indexes(i, j);
+#else
          ws_record = ap_get_scoreboard_worker(i, j);
+#endif
          switch (ws_record->status) {
             case SERVER_BUSY_READ:
             case SERVER_BUSY_WRITE:
@@ -153,7 +163,7 @@
    }
 
    if (ip_count > conf->limit) {
-      ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "[client %s] Antiloris rejected, too many connections", c->remote_ip);
+      ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "[client %s] Antiloris rejected, too many connections", c->client_ip);
       return OK;
    } else {
       return DECLINED;
@@ -161,17 +171,10 @@
 }
 
 
-static void child_init (apr_pool_t *p, server_rec *s)
-{
-   ap_add_version_component(p, MODULE_NAME "/" MODULE_VERSION);
-}
-
-
 static void register_hooks(apr_pool_t *p)
 {
    ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
    ap_hook_process_connection(pre_connection, NULL, NULL, APR_HOOK_FIRST);
-   ap_hook_child_init(child_init, NULL, NULL, APR_HOOK_MIDDLE);
 }
 
 module AP_MODULE_DECLARE_DATA antiloris_module = {

Back to top
bagu



Joined: 06 Jan 2011
Posts: 193
Location: France

PostPosted: Thu 23 Feb '12 19:02    Post subject: Reply with quote

Hello,

Mod_antiloris 0.5.1 from apachehaus work like a charm Wink
Back to top


Reply to topic   Topic: Mod_antiloris for 2.4 View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules