Author |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3093 Location: Hilversum, NL, EU
|
Posted: Tue 14 Jul '15 12:11 Post subject: mod_evasive :: Updated |
|
|
Apache mod_evasive (also formally known as Mod_dosevasive) helps to prevent HTTP DoS (DDoS) attacks or server brute force attacks. The module works it's magic by blocking access to your server from connections by the perpetrating single IP address that exceeded more than 50 concurrent connections to Apache or loading the same page more then a few times per second.
Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:
1. Requesting the same page more than a few times per second
2. Making more than 50 concurrent requests on the same child per second
3. Making any requests while temporarily blacklisted (on a blocking list)
The module will help protect against people sending too many requests to the webserver in an attempt to flood it. If it detects too many connections the offending ip will be blocked from the accessing apache for This is especially useful when the server is continuously getting attacked. With this default configuration it will block the offending ip for 10 minutes. If it continues to try and flood mod_evasive will automatically add more time to this.
Authors home at https://github.com/jvdmr/mod_evasive
Steffen
Last edited by Steffen on Mon 17 Jun '19 16:01; edited 1 time in total |
|
Back to top |
|
admin Site Admin
Joined: 15 Oct 2005 Posts: 691
|
Posted: Mon 26 Aug '19 12:54 Post subject: |
|
|
The original author jzdziarski did not actively maintained the module anymore.
It is forked by jvdmr which is now the official repro, see https://github.com/jvdmr/mod_evasive
Documentation: https://github.com/jvdmr/mod_evasive/blob/master/README.md
Updated to the now official version 2.0, VS16 only.
Changes:
* Support for per-vhost configuration instead of only global
* Added DOSHTTPStatus directive
* evasive20_module is now simply called evasive_module
* Greg Smith's windows port added
When you update you have to change LoadModule evasive2_module modules/mod_evasive2.so to:
LoadModule evasive_module modules/mod_evasive.so |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3093 Location: Hilversum, NL, EU
|
Posted: Sun 09 Feb '20 12:24 Post subject: |
|
|
Updated VS16 to version 2.2.0
In this release, added a new configuration option DOSWhitelistUri which takes a Perl-style regex and matches it against the request's URI. If it matches, the request is allowed and not counted towards the DOS limit. |
|
Back to top |
|
first_family
Joined: 26 Mar 2020 Posts: 1 Location: Krasnodar, Russia
|
Posted: Thu 26 Mar '20 8:52 Post subject: |
|
|
DOSWhitelistUri is not working for me.
The error occurs:
Code: | Invalid command 'DOSWhitelistUri', perhaps misspelled or defined by a module not included in the server configuration. |
mod_evasive 2.2.0 win64, Apache 2.4.41 win64
-------
I read mod_evasive Windows code on Github. This future not implemented. Author released it only in mod_evasive24.c not in mod_evasive24win.c |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3093 Location: Hilversum, NL, EU
|
Posted: Thu 26 Mar '20 11:53 Post subject: |
|
|
Oeps... Tested it, but not DOSWhitelistUri. |
|
Back to top |
|
spitzerspace
Joined: 24 Dec 2014 Posts: 7
|
Posted: Thu 17 Sep '20 19:03 Post subject: |
|
|
The system command is called repeatedly during a DOS attack. I had to revise my script to check the log dir to see if it has already been called for a specific IP. |
|
Back to top |
|
jasch
Joined: 11 Apr 2008 Posts: 8
|
Posted: Thu 10 Dec '20 2:34 Post subject: |
|
|
Any plans on updating the download so the DOSWhitelistUri works?
I keep getting "Invalid Command DOSWhitelistUri'
There's even a 2.3.0 out since March (the one on the donwloads page is 2.2.0 from Feb)
Thanks |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3093 Location: Hilversum, NL, EU
|
Posted: Thu 10 Dec '20 10:09 Post subject: |
|
|
This feature not implemented. Author released it only in mod_evasive24.c not in mod_evasive24win.c .
It is reported, but no action by the author till now. |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3093 Location: Hilversum, NL, EU
|
Posted: Tue 08 Nov '22 13:25 Post subject: |
|
|
Available for VS17 |
|
Back to top |
|
kostya
Joined: 07 Dec 2023 Posts: 8 Location: Israel
|
Posted: Sun 11 Aug '24 13:01 Post subject: mod_evasive win32, Apache 2.4.58 win32 |
|
|
Could you please provide this version of mod_evasive? |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3093 Location: Hilversum, NL, EU
|
Posted: Sun 11 Aug '24 14:44 Post subject: |
|
|
Note on the download page :
VS17 Win32 modules (like mod_fcgid) use VS16 ones at VS16 Win32 modules |
|
Back to top |
|
kostya
Joined: 07 Dec 2023 Posts: 8 Location: Israel
|
Posted: Mon 12 Aug '24 10:18 Post subject: |
|
|
But there is no VS16 binary for this module. Could you provide it? |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3093 Location: Hilversum, NL, EU
|
|
Back to top |
|
kostya
Joined: 07 Dec 2023 Posts: 8 Location: Israel
|
Posted: Mon 12 Aug '24 13:39 Post subject: |
|
|
thanks, will try it. Just to verify, will it work with apache version 2.4.58? |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3093 Location: Hilversum, NL, EU
|
Posted: Mon 12 Aug '24 14:53 Post subject: |
|
|
Yes |
|
Back to top |
|
mrdj1024
Joined: 03 Apr 2023 Posts: 44 Location: Bridgeton,NJ,USA
|
|
Back to top |
|
admin Site Admin
Joined: 15 Oct 2005 Posts: 691
|
|
Back to top |
|
mrdj1024
Joined: 03 Apr 2023 Posts: 44 Location: Bridgeton,NJ,USA
|
Posted: Sat 12 Oct '24 10:43 Post subject: |
|
|
thankyou!! yes it works |
|
Back to top |
|