View Issue Details

IDProjectCategoryView StatusLast Update
0000654Port RequestsPort Requestpublic2020-08-24 03:07
ReporterLewisR Assigned Topsmedley  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Summary0000654: Consider building mod_evasive for Apache 2.2 and 2.4
Descriptionmod_evasive is potentially useful in mitigating DoS attacks against Apache.
Additional InformationMore information may be gleaned from the (apparent) source page:

http://www.zdziarski.com/blog/?page_id=442

and here:

http://www.tecmint.com/protect-apache-using-mod_security-and-mod_evasive-on-rhel-centos-fedora/
https://systembash.com/how-to-stop-an-apache-ddos-attack-with-mod_evasive/
https://github.com/KoHead/mod_evasive
https://github.com/deasmi/mod_evasive
https://github.com/skonb/evasive (some possibly interesting additions)
https://github.com/shivaas/mod_evasive (fork for Apache 2.4)

I'm primarily concerned with Apache 2.2, at this point, but I can see an upgrade to 2.4 in the coming months.
TagsNo tags attached.

Activities

psmedley

2016-01-02 21:34

administrator   ~0003078

Hi - the way I read the docs, mod_evasive works by updating the iptables rules - which won't help on OS/2 - http://xmodulo.com/harden-apache-web-server-mod_security-mod_evasive-centos.html

It does seem though, that it can process a script to update a firewall - can injoy firewall rules be updated via a rexx script?

LewisR

2016-01-02 22:13

developer   ~0003079

I thought that iptables only comes into play if you want to add a permanent rule via DOSSystemCommand. Other than that, the rules are merely held in memory until the server is restarted.

You seem to be reading the above differently than I, Paul. Anything in the sources, I wonder?

I've asked Yuri to comment on updating InJoy rules via REXX, in the meantime.

psmedley

2016-01-02 22:19

administrator   ~0003080

I only had a quick read - I'll see if I can have a crack at building it soon

psmedley

2016-01-02 22:35

administrator   ~0003081

Built from http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz

NOT tested by me - http://smedley.id.au/tmp/evasive.zip (for Apache 2.2)

LewisR

2016-01-02 22:39

developer   ~0003082

FWIW, Yuri says:

[...] you can modify the blacklist configuration file and ask
IJFW to refresh configuration.

He couldn't see a way to do this via dll call or REXX. The blacklst.cnf is plain text, though.

LewisR

2016-01-02 22:42

developer   ~0003083

Thanks, Paul!

I'll let you know what we get.

LewisR

2016-01-02 23:49

developer   ~0003084

Variables:

Is mailer set to "/bin/mail -t %s" or...? If so, I'll just need to add a link or a script to redirect to sendmail.

Is default DOSLogDir set to /tmp, and should it recognize paths relative to the location from which httpd.exe was started, e.g., "logs/"?

psmedley

2016-01-02 23:58

administrator   ~0003085

This was a simple compile. No attempts were made to 'port' this in anyway.
from mod_evasive20.c:

#define MAILER "/bin/mail %s"
#define DEFAULT_LOG_DIR "/tmp" // Default temp directory

LewisR

2016-01-03 00:07

developer   ~0003086

That's fine, as long as I know. Thanks!

Resolving this. Any further issues will be reported separately.

Issue History

Date Modified Username Field Change
2015-07-30 19:29 LewisR New Issue
2016-01-02 21:34 psmedley Note Added: 0003078
2016-01-02 22:13 LewisR Note Added: 0003079
2016-01-02 22:19 psmedley Note Added: 0003080
2016-01-02 22:35 psmedley Note Added: 0003081
2016-01-02 22:35 psmedley Assigned To => psmedley
2016-01-02 22:35 psmedley Status new => feedback
2016-01-02 22:39 LewisR Note Added: 0003082
2016-01-02 22:39 LewisR Status feedback => assigned
2016-01-02 22:42 LewisR Note Added: 0003083
2016-01-02 23:49 LewisR Note Added: 0003084
2016-01-02 23:58 psmedley Note Added: 0003085
2016-01-03 00:07 LewisR Note Added: 0003086
2016-01-03 00:07 LewisR Status assigned => resolved
2016-01-03 00:07 LewisR Resolution open => fixed
2020-08-24 03:07 psmedley Status resolved => closed