Topic: mod_evasive2 (Read 5606 times)

ikebut · « **on:** June 05, 2017, 11:46:32 PM »

How to stop dos filter from blocking my ip address

I installed this module
mod_evasive2-1.10.1-2.4-vc14-x64 win configured.
I keep getting my ip address listed as dos attact
How do I stop this ?

Gregg · « **Reply #1 on:** June 06, 2017, 04:12:49 AM »

DOSWhitelist   127.0.0.1
DOSWhitelist   192.168.1.*
DOSWhitelist   8.8.8.8
etc. etc.

ikebut · « **Reply #2 on:** June 07, 2017, 02:45:30 PM »

I added this to my Apache conf. setup httpd.

<IfModule evasive2_module>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 5
DOSWhitelist 127.0.0.1
DOSWhitelist 127.0.0.*
DOSWhitelist 192.168.1.*
DOSWhitelist 8.8.8.8
DOSWhitelis (My IP Address)
</IfModule>

...but I still get this warning in my dos log file

Tue Jun 06 22:25:53 2017
PID: 41732
Blacklisting address (My IP Address): possible DoS attack.

Gregg · « **Reply #3 on:** June 09, 2017, 08:39:56 AM »

I'll have to test the module.
Personally I do not like this module, but people seem to want it so I compiled it.

fabluzan · « **Reply #4 on:** September 05, 2017, 09:20:05 PM »

Quote from: Gregg on June 06, 2017, 04:12:49 AM

DOSWhitelist   127.0.0.1 read more about anova
DOSWhitelist   192.168.1.*
DOSWhitelist   8.8.8.8
etc. etc.

I've also just installed the module. Thanks for tip. Is it possible to block a range of IPs. e.g. From 192.168.1.5 to 192.168.1.98

Gregg · « **Reply #5 on:** September 06, 2017, 01:27:34 AM »

Quote from: fabluzan on September 05, 2017, 09:20:05 PM

Is it possible to block a range of IPs. e.g. From 192.168.1.5 to 192.168.1.98

As I stated above I don't like this module or use it. I can only quote the included readme which I won't but you can read it yourself.

It says you can do a range of IPs but it only shows an example using the *, and it does state it's only good for the last octet.
So 192.168.1.* is the only example shown for ranges.

Now Apache can handle 192.168.1.0/8 so maybe the module can handle that as well. But you will have to be brave and experiment. httpd -t is a great little wonder I use all the time after making changes or experimenting with a live server. If Apache says "Syntax OK" then most times it is and you can restart the server safely. It's bit me a couple times but I just undo the changes and start the server. It's down for what? 5 seconds? I can afford a couple people getting a timeout once. They will try again or they will try again later. If they don't try again, their loss not mine

Edit:

Using the CIDR tool at http://www.ipaddressguide.com/cidr#range

This would be how to Whitelist that range of IPs
DOSWhitelist 192.168.1.5/32
DOSWhitelist 192.168.1.6/31
DOSWhitelist 192.168.1.8/29
DOSWhitelist 192.168.1.16/28
DOSWhitelist 192.168.1.32/27
DOSWhitelist 192.168.1.64/27
DOSWhitelist 192.168.1.96/31
DOSWhitelist 192.168.1.98/32

Yes, all 8 of these and only if the module supports it of course.

News:

Author Topic: mod_evasive2 (Read 5606 times)

ikebut

mod_evasive2

Gregg

Re: mod_evasive2

ikebut

Re: mod_evasive2

Gregg

Re: mod_evasive2

fabluzan

Re: mod_evasive2

Gregg

Re: mod_evasive2