diff options
Diffstat (limited to 'mod_evasive.conf')
| -rw-r--r-- | mod_evasive.conf | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/mod_evasive.conf b/mod_evasive.conf new file mode 100644 index 0000000..9215966 --- /dev/null +++ b/mod_evasive.conf @@ -0,0 +1,73 @@ +# mod_evasive configuration +LoadModule evasive20_module modules/mod_evasive20.so + +<IfModule mod_evasive20.c> + # The hash table size defines the number of top-level nodes for each + # child's hash table. Increasing this number will provide faster + # performance by decreasing the number of iterations required to get to the + # record, but consume more memory for table space. You should increase + # this if you have a busy web server. The value you specify will + # automatically be tiered up to the next prime number in the primes list + # (see mod_evasive.c for a list of primes used). + DOSHashTableSize 3097 + + # This is the threshhold for the number of requests for the same page (or + # URI) per page interval. Once the threshhold for that interval has been + # exceeded, the IP address of the client will be added to the blocking + # list. + DOSPageCount 2 + + # This is the threshhold for the total number of requests for any object by + # the same client on the same listener per site interval. Once the + # threshhold for that interval has been exceeded, the IP address of the + # client will be added to the blocking list. + DOSSiteCount 50 + + # The interval for the page count threshhold; defaults to 1 second + # intervals. + DOSPageInterval 1 + + # The interval for the site count threshhold; defaults to 1 second + # intervals. + DOSSiteInterval 1 + + # The blocking period is the amount of time (in seconds) that a client will + # be blocked for if they are added to the blocking list. During this time, + # all subsequent requests from the client will result in a 403 (Forbidden) + # and the timer being reset (e.g. another 10 seconds). Since the timer is + # reset for every subsequent request, it is not necessary to have a long + # blocking period; in the event of a DoS attack, this timer will keep + # getting reset. + DOSBlockingPeriod 10 + + # If this value is set, an email will be sent to the address specified + # whenever an IP address becomes blacklisted. A locking mechanism using + # /tmp prevents continuous emails from being sent. + # + # NOTE: Requires /bin/mail (provided by mailx) + #DOSEmailNotify you@yourdomain.com + + # If this value is set, the system command specified will be executed + # whenever an IP address becomes blacklisted. This is designed to enable + # system calls to ip filter or other tools. A locking mechanism using /tmp + # prevents continuous system calls. Use %s to denote the IP address of the + # blacklisted IP. + #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'" + + # Choose an alternative temp directory By default "/tmp" will be used for + # locking mechanism, which opens some security issues if your system is + # open to shell users. + # + # http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01 + # + # In the event you have nonprivileged shell users, you'll want to create a + # directory writable only to the user Apache is running as (usually root), + # then set this in your httpd.conf. + #DOSLogDir "/var/lock/mod_evasive" + + # You can use whitelists to disable the module for certain ranges of + # IPs. Wildcards can be used on up to the last 3 octets if necessary. + # Multiple DOSWhitelist commands may be used in the configuration. + #DOSWhitelist 127.0.0.1 + #DOSWhitelist 192.168.0.* +</IfModule> |