2017-08-24 01:13 ACST

ID: 0000654
Project: Port Requests
Category: Port Request
View Status: public
Last Update: 2016-01-03 10:37
Reporter: LewisR
Assigned To: psmedley
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Summary: 0000654: Consider building mod_evasive for Apache 2.2 and 2.4
Description: mod_evasive is potentially useful in mitigating DoS attacks against Apache.
Additional Information: More information may be gleaned from the (apparent) source page:

http://www.zdziarski.com/blog/?page_id=442

and here:

http://www.tecmint.com/protect-apache-using-mod_security-and-mod_evasive-on-rhel-centos-fedora/
https://systembash.com/how-to-stop-an-apache-ddos-attack-with-mod_evasive/
https://github.com/KoHead/mod_evasive
https://github.com/deasmi/mod_evasive
https://github.com/skonb/evasive (some possibly interesting additions)
https://github.com/shivaas/mod_evasive (fork for Apache 2.4)

I'm primarily concerned with Apache 2.2, at this point, but I can see an upgrade to 2.4 in the coming months.
Tags: No tags attached.

Notes

~0003078

psmedley (administrator)

Hi - the way I read the docs, mod_evasive works by updating the iptables rules - which won't help on OS/2 - http://xmodulo.com/harden-apache-web-server-mod_security-mod_evasive-centos.html

It does seem though, that it can process a script to update a firewall - can InJoy firewall rules be updated via a REXX script?

~0003079

LewisR (developer)

I thought that iptables only comes into play if you want to add a permanent rule via DOSSystemCommand. Other than that, the rules are merely held in memory until the server is restarted.

You seem to be reading the above differently than I, Paul. Anything in the sources, I wonder?

I've asked Yuri to comment on updating InJoy rules via REXX, in the meantime.

~0003080

psmedley (administrator)

I only had a quick read - I'll see if I can have a crack at building it soon

~0003081

psmedley (administrator)

Built from http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

NOT tested by me - http://smedley.id.au/tmp/evasive.zip (for Apache 2.2)

~0003082

LewisR (developer)

FWIW, Yuri says:

[...] you can modify the blacklist configuration file and ask
IJFW to refresh configuration.

He couldn't see a way to do this via dll call or REXX. The blacklst.cnf is plain text, though.
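
An added example (not from this thread and not mod_evasive's own code) of the kind of script DOSSystemCommand could call, with %s replaced by the blocked client address, to record that address in a plain-text blocklist. The BLOCKLIST path and the one-address-per-line layout are assumptions; the page shows neither the blacklst.cnf syntax nor how IJFW is asked to refresh.

```shell
#!/bin/sh
# Added example: handler for mod_evasive's DOSSystemCommand, e.g.
#   DOSSystemCommand "/path/to/block_ip.sh %s"
# Assumptions: BLOCKLIST is a hypothetical file with one address per line;
# it is not the real blacklst.cnf format, which this page does not show.

BLOCKLIST="${BLOCKLIST:-./blocklist.txt}"

# Succeed only for a strict dotted-quad IPv4 address (four octets, 0-255).
# The argument ends up in a firewall file, so anything else is refused.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Append the address to the blocklist once.
# Returns 0 on success, 2 on invalid input, 3 on a file error.
block_ip() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "rejected: argument is not an IPv4 address" >&2
        return 2
    fi
    touch "$BLOCKLIST" || return 3
    # -x whole line, -F fixed string: dots must not act as regex wildcards.
    if grep -qxF -- "$ip" "$BLOCKLIST"; then
        return 0                       # already listed, nothing to do
    fi
    printf '%s\n' "$ip" >> "$BLOCKLIST" || return 3
    # The firewall's configuration refresh would be triggered here.
    return 0
}

# Run as a script: the first argument is the address mod_evasive passes in.
if [ "$#" -gt 0 ]; then
    block_ip "$1"
fi
```
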

~0003083

LewisR (developer)

Thanks, Paul!

I'll let you know what we get.

~0003084

LewisR (developer)

Variables:

Is mailer set to "/bin/mail -t %s" or...? If so, I'll just need to add a link or a script to redirect to sendmail.

Is default DOSLogDir set to /tmp, and should it recognize paths relative to the location from which httpd.exe was started, e.g., "logs/"?

~0003085

psmedley (administrator)

This was a simple compile. No attempts were made to 'port' this in any way.
From mod_evasive20.c:

#define MAILER "/bin/mail %s"
#define DEFAULT_LOG_DIR "/tmp" // Default temp directory

~0003086

LewisR (developer)

That's fine, as long as I know. Thanks!

Resolving this. Any further issues will be reported separately.

Issue History
Date Modified Username Field Change
2015-07-31 04:59 LewisR New Issue
2016-01-03 08:04 psmedley Note Added: 0003078
2016-01-03 08:43 LewisR Note Added: 0003079
2016-01-03 08:49 psmedley Note Added: 0003080
2016-01-03 09:05 psmedley Note Added: 0003081
2016-01-03 09:05 psmedley Assigned To => psmedley
2016-01-03 09:05 psmedley Status new => feedback
2016-01-03 09:09 LewisR Note Added: 0003082
2016-01-03 09:09 LewisR Status feedback => assigned
2016-01-03 09:12 LewisR Note Added: 0003083
2016-01-03 10:19 LewisR Note Added: 0003084
2016-01-03 10:28 psmedley Note Added: 0003085
2016-01-03 10:37 LewisR Note Added: 0003086
2016-01-03 10:37 LewisR Status assigned => resolved
2016-01-03 10:37 LewisR Resolution open => fixed