The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: [1]   Go Down

Author Topic: mod_evasive2  (Read 1854 times)

ikebut

  • Newbie
  • *
  • Offline Offline
  • Posts: 2
mod_evasive2
« on: June 05, 2017, 11:46:32 PM »

How to stop dos filter from blocking my ip address

I installed this module
mod_evasive2-1.10.1-2.4-vc14-x64 win configured.
I keep getting my ip address listed as dos attact
  How do I stop this ?
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 831
Re: mod_evasive2
« Reply #1 on: June 06, 2017, 04:12:49 AM »

DOSWhitelist   127.0.0.1
DOSWhitelist   192.168.1.*
DOSWhitelist   8.8.8.8
etc. etc.
Logged

ikebut

  • Newbie
  • *
  • Offline Offline
  • Posts: 2
Re: mod_evasive2
« Reply #2 on: June 07, 2017, 02:45:30 PM »

I added this to my Apache conf. setup httpd.
 
<IfModule evasive2_module>
    DOSHashTableSize    3097
    DOSPageCount        5
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   5
    DOSWhitelist   127.0.0.1
    DOSWhitelist   127.0.0.*
    DOSWhitelist   192.168.1.*
    DOSWhitelist   8.8.8.8
    DOSWhitelis   (My IP Address)
</IfModule>
   
...but I still get this warning in my dos log file

Tue Jun 06 22:25:53 2017
PID: 41732
Blacklisting address (My IP Address): possible DoS attack.
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 831
Re: mod_evasive2
« Reply #3 on: June 09, 2017, 08:39:56 AM »

I'll have to test the module.
Personally I do not like this module, but people seem to want it so I compiled it.
Logged

fabluzan

  • Newbie
  • *
  • Offline Offline
  • Posts: 1
Re: mod_evasive2
« Reply #4 on: September 05, 2017, 09:20:05 PM »

DOSWhitelist   127.0.0.1 read more about anova
DOSWhitelist   192.168.1.*
DOSWhitelist   8.8.8.8
etc. etc.
I've also just installed the module. Thanks for tip. Is it possible to block a range of IPs. e.g. From 192.168.1.5 to 192.168.1.98
« Last Edit: July 14, 2018, 04:42:35 PM by fabluzan »
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 831
Re: mod_evasive2
« Reply #5 on: September 06, 2017, 01:27:34 AM »

Is it possible to block a range of IPs. e.g. From 192.168.1.5 to 192.168.1.98

As I stated above I don't like this module or use it. I can only quote the included readme which I won't but you can read it yourself.

It says you can do a range of IPs but it only shows an example using the *, and it does state it's only good for the last octet.
So 192.168.1.* is the only example shown for ranges.

Now Apache can handle 192.168.1.0/8 so maybe the module can handle that as well. But you will have to be brave and experiment. httpd -t is a great little wonder I use all the time after making changes or experimenting with a live server. If Apache says "Syntax OK" then most times it is and you can restart the server safely. It's bit me a couple times but I just undo the changes and start the server. It's down for what? 5 seconds? I can afford a couple people getting a timeout once. They will try again or they will try again later. If they don't try again, their loss not mine :)

Edit:

Using the CIDR tool at http://www.ipaddressguide.com/cidr#range

This would be how to Whitelist that range of IPs
DOSWhitelist  192.168.1.5/32
DOSWhitelist  192.168.1.6/31
DOSWhitelist  192.168.1.8/29
DOSWhitelist  192.168.1.16/28
DOSWhitelist  192.168.1.32/27
DOSWhitelist  192.168.1.64/27
DOSWhitelist  192.168.1.96/31
DOSWhitelist  192.168.1.98/32

Yes, all 8 of these and only if the module supports it of course.
« Last Edit: September 06, 2017, 03:03:01 AM by Gregg »
Logged
Pages: [1]   Go Up
 

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13