summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Makefile4
-rw-r--r--mod_evasive.conf73
-rw-r--r--mod_evasive.spec108
3 files changed, 185 insertions, 0 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1e65467
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,4 @@
+SRCDIR := $(shell pwd)
+NAME := $(shell basename $(SRCDIR))
+include ../common/Makefile
+
diff --git a/mod_evasive.conf b/mod_evasive.conf
new file mode 100644
index 0000000..9215966
--- /dev/null
+++ b/mod_evasive.conf
@@ -0,0 +1,73 @@
+# mod_evasive configuration
+LoadModule evasive20_module modules/mod_evasive20.so
+
+<IfModule mod_evasive20.c>
+ # The hash table size defines the number of top-level nodes for each
+ # child's hash table. Increasing this number will provide faster
+ # performance by decreasing the number of iterations required to get to the
+ # record, but consume more memory for table space. You should increase
+ # this if you have a busy web server. The value you specify will
+ # automatically be tiered up to the next prime number in the primes list
+ # (see mod_evasive.c for a list of primes used).
+ DOSHashTableSize 3097
+
+ # This is the threshhold for the number of requests for the same page (or
+ # URI) per page interval. Once the threshhold for that interval has been
+ # exceeded, the IP address of the client will be added to the blocking
+ # list.
+ DOSPageCount 2
+
+ # This is the threshhold for the total number of requests for any object by
+ # the same client on the same listener per site interval. Once the
+ # threshhold for that interval has been exceeded, the IP address of the
+ # client will be added to the blocking list.
+ DOSSiteCount 50
+
+ # The interval for the page count threshhold; defaults to 1 second
+ # intervals.
+ DOSPageInterval 1
+
+ # The interval for the site count threshhold; defaults to 1 second
+ # intervals.
+ DOSSiteInterval 1
+
+ # The blocking period is the amount of time (in seconds) that a client will
+ # be blocked for if they are added to the blocking list. During this time,
+ # all subsequent requests from the client will result in a 403 (Forbidden)
+ # and the timer being reset (e.g. another 10 seconds). Since the timer is
+ # reset for every subsequent request, it is not necessary to have a long
+ # blocking period; in the event of a DoS attack, this timer will keep
+ # getting reset.
+ DOSBlockingPeriod 10
+
+ # If this value is set, an email will be sent to the address specified
+ # whenever an IP address becomes blacklisted. A locking mechanism using
+ # /tmp prevents continuous emails from being sent.
+ #
+ # NOTE: Requires /bin/mail (provided by mailx)
+ #DOSEmailNotify you@yourdomain.com
+
+ # If this value is set, the system command specified will be executed
+ # whenever an IP address becomes blacklisted. This is designed to enable
+ # system calls to ip filter or other tools. A locking mechanism using /tmp
+ # prevents continuous system calls. Use %s to denote the IP address of the
+ # blacklisted IP.
+ #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
+
+ # Choose an alternative temp directory By default "/tmp" will be used for
+ # locking mechanism, which opens some security issues if your system is
+ # open to shell users.
+ #
+ # http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
+ #
+ # In the event you have nonprivileged shell users, you'll want to create a
+ # directory writable only to the user Apache is running as (usually root),
+ # then set this in your httpd.conf.
+ #DOSLogDir "/var/lock/mod_evasive"
+
+ # You can use whitelists to disable the module for certain ranges of
+ # IPs. Wildcards can be used on up to the last 3 octets if necessary.
+ # Multiple DOSWhitelist commands may be used in the configuration.
+ #DOSWhitelist 127.0.0.1
+ #DOSWhitelist 192.168.0.*
+</IfModule>
diff --git a/mod_evasive.spec b/mod_evasive.spec
new file mode 100644
index 0000000..09a89d6
--- /dev/null
+++ b/mod_evasive.spec
@@ -0,0 +1,108 @@
+Name: mod_evasive
+Version: 1.10.1
+Release: 13%{?dist}
+Summary: Denial of Service evasion module for Apache
+
+Group: System Environment/Daemons
+License: GPLv2+
+URL: http://www.zdziarski.com/projects/mod_evasive/
+Source0: http://www.zdziarski.com/projects/mod_evasive/mod_evasive_%{version}.tar.gz
+Source1: mod_evasive.conf
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: httpd-devel
+Requires: httpd
+Requires: httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)
+
+%description
+mod_evasive is an evasive maneuvers module for Apache to provide evasive
+action in the event of an HTTP DoS or DDoS attack or brute force attack. It
+is also designed to be a detection and network management tool, and can be
+easily configured to talk to firewalls, routers, etc. mod_evasive presently
+reports abuses via email and syslog facilities.
+
+
+%prep
+%setup -q -n %{name}
+
+
+%build
+# create apache httpd-2.4 version and compile it
+sed 's/connection->remote_ip/connection->client_ip/' \
+ < mod_evasive20.c > mod_evasive24.c
+apxs -Wc,"%{optflags}" -c mod_evasive24.c
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -pm 755 \
+ $RPM_BUILD_ROOT%{_libdir}/httpd/modules \
+ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
+install -pm 755 .libs/mod_evasive24.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules/
+install -pm 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%files
+%defattr(-,root,root,-)
+%doc README LICENSE CHANGELOG test.pl
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/*
+%{_libdir}/httpd/modules/*
+
+
+%changelog
+* Sat Mar 31 2012 Remi Collet <RPMS@FamilleCollet.com> - 1.1.1-4
+- rebuild for remi repo and httpd 2.4
+
+* Sat Mar 31 2012 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> - 1.10.1-13
+- adapt to httpd-2.4: changed remote_ip to client_ip
+
+* Thu Mar 29 2012 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> - 1.10.1-12
+- apxs moved to bindir, do not use sbindir macro
+
+* Tue Mar 27 2012 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> - 1.10.1-11
+- Rebuild for new httpd-mmn
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Aug 11 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.10.1-6
+- fix license tag
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.10.1-5.1
+- Autorebuild for GCC 4.3
+
+* Wed Sep 05 2007 Konstantin Ryabitsev <icon@fedoraproject.org> - 1.10.1-4.1
+- Rebuild for APR changes
+
+* Wed Aug 29 2007 Fedora Release Engineering <rel-eng at fedoraproject dot org> - 1.10.1-4
+- Rebuild for selinux ppc32 issue.
+
+* Tue Apr 10 2007 Konstantin Ryabitsev <icon@fedoraproject.org> - 1.10.1-3
+- Modify the URL and finally import into extras.
+
+* Mon Jan 29 2007 Konstantin Ryabitsev <icon@fedoraproject.org> - 1.10.1-2
+- The source moved to another domain since last year.
+- use _sbindir macro for apxs.
+
+* Tue Dec 06 2005 Konstantin Ryabitsev <icon@fedoraproject.org> - 1.10.1-1
+- Cleaning up description
+- Cleaning up install
+- Slight modification to default config (add DOSWhitelist entries)
+- Disttagging
+- Adding test.pl to docs
+
+* Wed Nov 16 2005 Kosntantin Ryabitsev <icon@fedoraproject.org> - 1.10.1-0.1
+- Initial packaging.