Text only | Text with Images

The Apache Haus Forum

Forum Topics => Third-party Modules => Topic started by: ikebut on June 05, 2017, 11:46:32 PM

Title: mod_evasive2
Post by: ikebut on June 05, 2017, 11:46:32 PM
How to stop dos filter from blocking my ip address

I installed this module
mod_evasive2-1.10.1-2.4-vc14-x64 win configured.
I keep getting my ip address listed as dos attact
  How do I stop this ?
Title: Re: mod_evasive2
Post by: Gregg on June 06, 2017, 04:12:49 AM
DOSWhitelist   127.0.0.1
DOSWhitelist   192.168.1.*
DOSWhitelist   8.8.8.8
etc. etc.
Title: Re: mod_evasive2
Post by: ikebut on June 07, 2017, 02:45:30 PM
I added this to my Apache conf. setup httpd.
 
<IfModule evasive2_module>
    DOSHashTableSize    3097
    DOSPageCount        5
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   5
    DOSWhitelist   127.0.0.1
    DOSWhitelist   127.0.0.*
    DOSWhitelist   192.168.1.*
    DOSWhitelist   8.8.8.8
    DOSWhitelis   (My IP Address)
</IfModule>
   
...but I still get this warning in my dos log file

Tue Jun 06 22:25:53 2017
PID: 41732
Blacklisting address (My IP Address): possible DoS attack.
Title: Re: mod_evasive2
Post by: Gregg on June 09, 2017, 08:39:56 AM
I'll have to test the module.
Personally I do not like this module, but people seem to want it so I compiled it.
Title: Re: mod_evasive2
Post by: fabluzan on September 05, 2017, 09:20:05 PM
Quote from: Gregg on June 06, 2017, 04:12:49 AM
DOSWhitelist   127.0.0.1 read more about anova (https://kitchenlola.com/anova-culinary-sous-vide-precision-cooker-review/)
DOSWhitelist   192.168.1.*
DOSWhitelist   8.8.8.8
etc. etc.
I've also just installed the module. Thanks for tip. Is it possible to block a range of IPs. e.g. From 192.168.1.5 to 192.168.1.98
Title: Re: mod_evasive2
Post by: Gregg on September 06, 2017, 01:27:34 AM
Quote from: fabluzan on September 05, 2017, 09:20:05 PMIs it possible to block a range of IPs. e.g. From 192.168.1.5 to 192.168.1.98

As I stated above I don't like this module or use it. I can only quote the included readme which I won't but you can read it yourself.

It says you can do a range of IPs but it only shows an example using the *, and it does state it's only good for the last octet.
So 192.168.1.* is the only example shown for ranges.

Now Apache can handle 192.168.1.0/8 so maybe the module can handle that as well. But you will have to be brave and experiment. httpd -t is a great little wonder I use all the time after making changes or experimenting with a live server. If Apache says "Syntax OK" then most times it is and you can restart the server safely. It's bit me a couple times but I just undo the changes and start the server. It's down for what? 5 seconds? I can afford a couple people getting a timeout once. They will try again or they will try again later. If they don't try again, their loss not mine :)

Edit:

Using the CIDR tool at http://www.ipaddressguide.com/cidr#range

This would be how to Whitelist that range of IPs
DOSWhitelist  192.168.1.5/32
DOSWhitelist  192.168.1.6/31
DOSWhitelist  192.168.1.8/29
DOSWhitelist  192.168.1.16/28
DOSWhitelist  192.168.1.32/27
DOSWhitelist  192.168.1.64/27
DOSWhitelist  192.168.1.96/31
DOSWhitelist  192.168.1.98/32

Yes, all 8 of these and only if the module supports it of course.
Text only | Text with Images