I am trying to integrate mod_evasive with httpd on CentOS 7. The module is installed and is loaded by httpd upon restart. However, it is not picking up the parameters specified in the /etc/httpd/conf.d/mod_evasive.conf file, shown below.

LoadModule evasive20_module modules/mod_evasive24.so
<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 20
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify xyz@mail.com
DOSLogDir "/var/log/mod_evasive"
</IfModule>

I am testing the performance with a Perl script, as follows:

#!/usr/bin/perl
# test.pl: small script to test mod_dosevasive's effectiveness
use IO::Socket;
use strict;
for(0..300) {
    my($response);
    my($SOCKET) = new IO::Socket::INET( Proto    => "tcp",
                                        PeerAddr => "172.31.19.247:80");
    if (! defined $SOCKET) { die $!; }
    print $SOCKET "GET /?$_ HTTP/1.0\n\n";
    $response = <$SOCKET>;
    print $response;
    close($SOCKET);
}

The command I executed is perl test.pl > sample.txt
In sample.txt, I'm getting HTTP/1.1 200 OK for the first 120 requests and HTTP/1.1 403 Forbidden for all the remaining requests. But as per my understanding of the configuration set, it should start denying beyond 50 requests, as specified by DOSSiteCount in the mod_evasive.conf file. Am I missing something here?

Yogesh Jilhawar
  • Remove the IfModule tag and try again in case there is some naming mismatch. The module identifier is different from the name of the module file, and the official page also suggests an IfModule with a different module identifier. The whole IfModule usage thing is unnecessary if you are going to use the module anyway. – Daniel Ferradal Apr 05 '17 at 12:42
  • Hi ezra-s, I tried removing the "IFModule", still the same result – Yogesh Jilhawar Apr 05 '17 at 13:43
  • I am mostly interested in the dependency between "DOSPageCount" and "DOSSiteCount". How are they inter-related? – Yogesh Jilhawar Apr 06 '17 at 06:33
  • Is the Github repo: jzdziarski / mod_evasive the proper repo for mod_evasive? I worry that its last update was on Feb 22, 2017 – Volksman Aug 30 '22 at 06:05