sailor
Joined: 17 Apr 2015 Posts: 82 Location: US
Posted: Tue 09 Aug '16 16:41 Post subject: mod_evasive DOSSystemCommand
I have this module working (tested using the test.pl), but cannot get command to work:
DOSSystemCommand "runas /user:Administrator \"d:/jobs/dosevasive/log.cmd %s\""
Also, logging does not seem to do anything either:
DOSLogDir "D:/Apache24/logs"
I use cronolog for logging, so could that be interfering?
ErrorLog "|d:/apache24/cronolog.exe logs/error_%m-%d-%Y.log"
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Tue 09 Aug '16 19:49 Post subject: Re: mod_evasive DOSSystemCommand
sailor wrote:
> DOSSystemCommand "runas /user:Administrator \"d:/jobs/dosevasive/log.cmd %s\""
DOS (not DDOS) doesn't understand / as a path separator. Maybe try with \\ instead.
\"d:\\jobs\\dosevasive\\log.cmd %s\""
That some things in mod_evasive do not work on Windows is of no surprise however since it was written for Unix.
sailor
Joined: 17 Apr 2015 Posts: 82 Location: US
Posted: Tue 09 Aug '16 21:16 Post subject: Re: mod_evasive DOSSystemCommand
> glsmith wrote:
>> sailor wrote:
>> DOSSystemCommand "runas /user:Administrator \"d:/jobs/dosevasive/log.cmd %s\""
> DOS (not DDOS) doesn't understand / as a path separator. Maybe try with \\ instead.
> \"d:\\jobs\\dosevasive\\log.cmd %s\""
> That some things in mod_evasive do not work on Windows is of no surprise however since it was written for Unix.
Apache would not start with your \"d:..."" Removed those and it starts ok, but still no luck. I also switched logs to similar \\, but that did not create or append to any log.
Apache runs as localsystem, so wonder if there's something there.
The only thing in the access log is
192.168.1.1 - - [09/Aug/2016:15:10:58 -0400] HTTP/1.0 "GET /?0 HTTP/1.0" 200 19296 "-" "-"
Yet, when I run the test.pl I get connection refused.
sailor
Joined: 17 Apr 2015 Posts: 82 Location: US
Posted: Tue 09 Aug '16 21:46 Post subject: Re: mod_evasive DOSSystemCommand
I removed the cronolog log and am just using the default customlog, and it is still not logging.
This is what I get in accesslog:
192.168.1.4 - - [09/Aug/2016:15:30:23 -0400] "GET /?0 HTTP/1.0" 200 19296
192.168.1.4 - - [09/Aug/2016:15:30:31 -0400] "GET /?1 HTTP/1.0" 200 19296
192.168.1.4 - - [09/Aug/2016:15:30:34 -0400] "GET /?2 HTTP/1.0" 200 19296
192.168.1.4 - - [09/Aug/2016:15:30:35 -0400] "GET /?3 HTTP/1.0" 200 19296
192.168.1.4 - - [09/Aug/2016:15:30:37 -0400] "GET /?4 HTTP/1.0" 200 19296
output from test.pl:
HTTP/1.0 200 OK
HTTP/1.0 200 OK
Connection refused at test.pl line 12.
sailor
Joined: 17 Apr 2015 Posts: 82 Location: US
Posted: Wed 10 Aug '16 21:03 Post subject: Re: mod_evasive DOSSystemCommand
Well, oddly, I notice there's a file named dos-(insert ip here).147 in my error log directory with the ip blacklisted.
My conf (as per the instructions!):
DOSLogDir "D:/Apache24/logs"