logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod_evasive not working
Author
Mox



Joined: 14 Sep 2021
Posts: 8

PostPosted: Sun 02 Jun '24 23:24    Post subject: mod_evasive not working Reply with quote

I installed mod_evasive for Apache 2.4 but it's not working properly.

I set DOSBlockingPeriod 100, and it works but I can still load page when I close the browser and do refresh.

Can someone help me?
Back to top
DnvrSysEngr



Joined: 15 Apr 2012
Posts: 226
Location: Denver, CO USA

PostPosted: Mon 03 Jun '24 0:41    Post subject: Reply with quote

1. Make sure you have Mod_Evasive loading in your HTTPD.conf file
LoadModule evasive_module modules/mod_evasive.so

2. Make sure you have it pointing to a location for its configuration in your HTTPD.conf file. Mine is in its own .conf file
# Evasive Module configuration
<IfModule evasive_module>
Include conf/extra/httpd-evasive.conf
</IfModule>


3. Sample .conf file for Mod_Evasive
# Place this file in your Apache /conf/extra directory, modify as desired and then add to your httpd.conf
# file somewhere in the global context.
#
# Include conf/extra/httpd-evasive.conf
#
# Required modules: evasive_module
#
<IfModule evasive_module>
DOSBlockingPeriod 10
#DOSEmailNotify you@yourdomain.com
DOSEnabled true
DOSHashTableSize 3097
DOSHTTPStatus 429
DOSLogDir "C:/Program Files/Apache/logs"
DOSPageCount 2
DOSPageInterval 1
DOSSiteCount 50
DOSSiteInterval 1
#DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
DOSWhitelist 127.0.0.1
#DOSWhitelistUri whitelist.*regex
</IfModule>
#
# End of configuration file for mod_evasive


Hope this helps to get you pointed in the right direction.

--S
Back to top
Mox



Joined: 14 Sep 2021
Posts: 8

PostPosted: Mon 03 Jun '24 1:45    Post subject: Reply with quote

mod_evasive is working, but not as I expected.

I set DOSBlockingPeriod 100, and I simulate DoS attack. I can see in error.log that evasive is blocking requests.
But I can still refresh page and load after 10 seconds.
That should not happen.

Code:
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     3
    DOSSiteInterval     1
    DOSBlockingPeriod   100

    #DOSEmailNotify      you@yourdomain.com
    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"
    DOSLogDir           "/var/log/mod_evasive"
</IfModule>
Back to top
DnvrSysEngr



Joined: 15 Apr 2012
Posts: 226
Location: Denver, CO USA

PostPosted: Wed 05 Jun '24 3:25    Post subject: Reply with quote

Granted my knowledge is on the Windows side, I did manage to test in the Linux world.

I have Apache 2.4.59 on a Linux Mint machine and installed Mod_Evasive, configured it and tested it per the link at:

https://phoenixnap.com/kb/apache-mod-evasive

I received HTTP/1.1 400 Bad Request when running the test mentioned in the KB article.

Not sure if you are running different tests? Maybe 'James Blonde' can chime in and provide more assistance?
Back to top
DnvrSysEngr



Joined: 15 Apr 2012
Posts: 226
Location: Denver, CO USA

PostPosted: Wed 05 Jun '24 3:59    Post subject: Reply with quote

Addendum:

As I mentioned above, I was getting 400 for my error code.

Looks like the problem depends on test.pl (Remember I am using the the Apache test.pl file)

Found this article that said to

rewrite the line

print $SOCKET "GET /?$_ HTTP/1.0\n\n";

as

print $SOCKET "GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n";

This now yields me 403 as my error code.

https://stackoverflow.com/questions/51172923/mod-evasive-not-working-on-apache-2-4-6

That is the extent of my knowledge of Mod_Evasive. Maybe it is parameters used in test?
Back to top


Reply to topic   Topic: mod_evasive not working View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules