logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod_evasive :: Updated
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3094
Location: Hilversum, NL, EU

PostPosted: Tue 14 Jul '15 12:11    Post subject: mod_evasive :: Updated Reply with quote

Apache mod_evasive (also formally known as Mod_dosevasive) helps to prevent HTTP DoS (DDoS) attacks or server brute force attacks. The module works it's magic by blocking access to your server from connections by the perpetrating single IP address that exceeded more than 50 concurrent connections to Apache or loading the same page more then a few times per second.

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

1. Requesting the same page more than a few times per second
2. Making more than 50 concurrent requests on the same child per second
3. Making any requests while temporarily blacklisted (on a blocking list)

The module will help protect against people sending too many requests to the webserver in an attempt to flood it. If it detects too many connections the offending ip will be blocked from the accessing apache for This is especially useful when the server is continuously getting attacked. With this default configuration it will block the offending ip for 10 minutes. If it continues to try and flood mod_evasive will automatically add more time to this.

Authors home at https://github.com/jvdmr/mod_evasive

Steffen


Last edited by Steffen on Mon 17 Jun '19 16:01; edited 1 time in total
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Mon 26 Aug '19 12:54    Post subject: Reply with quote

Documentation: https://github.com/jvdmr/mod_evasive/blob/master/README.md

Updated to version 2.0, VS16 only.

Changes:

* Support for per-vhost configuration instead of only global
* Added DOSHTTPStatus directive
* evasive20_module is now simply called evasive_module
* Greg Smith's windows port added

When you update you have to change LoadModule evasive2_module modules/mod_evasive2.so to:

LoadModule evasive_module modules/mod_evasive.so


Last edited by admin on Mon 21 Oct '24 9:51; edited 1 time in total
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3094
Location: Hilversum, NL, EU

PostPosted: Sun 09 Feb '20 12:24    Post subject: Reply with quote

Updated VS16 to version 2.2.0

In this release, added a new configuration option DOSWhitelistUri which takes a Perl-style regex and matches it against the request's URI. If it matches, the request is allowed and not counted towards the DOS limit.
Back to top
first_family



Joined: 26 Mar 2020
Posts: 1
Location: Krasnodar, Russia

PostPosted: Thu 26 Mar '20 8:52    Post subject: Reply with quote

DOSWhitelistUri is not working for me.

The error occurs:
Code:
Invalid command 'DOSWhitelistUri', perhaps misspelled or defined by a module not included in the server configuration.


mod_evasive 2.2.0 win64, Apache 2.4.41 win64

-------

I read mod_evasive Windows code on Github. This future not implemented. Author released it only in mod_evasive24.c not in mod_evasive24win.c
Back to top
mrdj1024



Joined: 03 Apr 2023
Posts: 55
Location: Bridgeton,NJ,USA

PostPosted: Sat 12 Oct '24 4:19    Post subject: Reply with quote

it appears 2.3.0 is out with a bugfix for windows,any chance we can get an updated module for windows?
https://github.com/jvdmr/mod_evasive/blob/main/CHANGELOG
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Mon 21 Oct '24 9:49    Post subject: Reply with quote

Update to new 2.3.0

DOSWhitelistUri is now working.
Back to top


Reply to topic   Topic: mod_evasive :: Updated View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules