logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod_evasive DOSSystemCommand
Author
sailor



Joined: 17 Apr 2015
Posts: 77
Location: US

PostPosted: Tue 09 Aug '16 16:41    Post subject: mod_evasive DOSSystemCommand Reply with quote

I have this module working (tested using the test.pl), but cannot get command to work:

DOSSystemCommand "runas /user:Administrator \"d:/jobs/dosevasive/log.cmd %s\""

Also, logging does not seem to do anything either:

DOSLogDir "D:/Apache24/logs"


I use cronolog for logging, so could that be interfering?

ErrorLog "|d:/apache24/cronolog.exe logs/error_%m-%d-%Y.log"
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Tue 09 Aug '16 19:49    Post subject: Re: mod_evasive DOSSystemCommand Reply with quote

sailor wrote:
DOSSystemCommand "runas /user:Administrator \"d:/jobs/dosevasive/log.cmd %s\""


DOS (not DDOS) doesn't understand / as a path separator. Maybe try with \\ instead.
\"d:\\jobs\\dosevasive\\log.cmd %s\""

That some things in mod_evasive do not work on Windows is of no surprise however since it was written for Unix.
Back to top
sailor



Joined: 17 Apr 2015
Posts: 77
Location: US

PostPosted: Tue 09 Aug '16 21:16    Post subject: Re: mod_evasive DOSSystemCommand Reply with quote

glsmith wrote:
sailor wrote:
DOSSystemCommand "runas /user:Administrator \"d:/jobs/dosevasive/log.cmd %s\""


DOS (not DDOS) doesn't understand / as a path separator. Maybe try with \\ instead.
\"d:\\jobs\\dosevasive\\log.cmd %s\""

That some things in mod_evasive do not work on Windows is of no surprise however since it was written for Unix.


Apache would not start with your \"d:..."" Removed those and it starts ok, but still no luck. I also switched logs to similar \\, but that did not create or append to any log.

Apache runs as localsystem, so wonder if there's something there.

The only thing in the access log is

192.168.1.1 - - [09/Aug/2016:15:10:58 -0400] HTTP/1.0 "GET /?0 HTTP/1.0" 200 19296 "-" "-"

Yet, when I run the test.pl I get connection refused.
Back to top
sailor



Joined: 17 Apr 2015
Posts: 77
Location: US

PostPosted: Tue 09 Aug '16 21:46    Post subject: Re: mod_evasive DOSSystemCommand Reply with quote

I removed cronolog log and just using default customlog and still not logging.

This is what I get in accesslog:

192.168.1.4 - - [09/Aug/2016:15:30:23 -0400] "GET /?0 HTTP/1.0" 200 19296
192.168.1.4 - - [09/Aug/2016:15:30:31 -0400] "GET /?1 HTTP/1.0" 200 19296
192.168.1.4 - - [09/Aug/2016:15:30:34 -0400] "GET /?2 HTTP/1.0" 200 19296
192.168.1.4 - - [09/Aug/2016:15:30:35 -0400] "GET /?3 HTTP/1.0" 200 19296
192.168.1.4 - - [09/Aug/2016:15:30:37 -0400] "GET /?4 HTTP/1.0" 200 19296


output from test.pl:

HTTP/1.0 200 OK
HTTP/1.0 200 OK
Connection refused at test.pl line 12.
Back to top
sailor



Joined: 17 Apr 2015
Posts: 77
Location: US

PostPosted: Wed 10 Aug '16 21:03    Post subject: Re: mod_evasive DOSSystemCommand Reply with quote

Well, oddly, I notice there's a file named dos-(insert ip here).147 in my error log directory with the ip blacklisted.


my conf (as per the instructions!):

DOSLogDir "D:/Apache24/logs"
Back to top


Reply to topic   Topic: mod_evasive DOSSystemCommand View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules