Support #562
Updated by Daniel Curtis almost 10 years ago
{{>toc}}

This is a simple guide for installing and configuring mod_evasive for Apache 2.4 on FreeBSD 9.2.

* Update the system and ports tree:
<pre>
pkg update && pkg upgrade
portsnap fetch extract
</pre>

* Install git:
<pre>
pkg install git
</pre>

---

h1. Install mod_evasive

* Edit the mod_evasive Makefile:
<pre>
cd /usr/ports/www/mod_evasive
vi Makefile
</pre>
#* And change the line *USE_APACHE=22* to:
<pre>
USE_APACHE= 24
</pre>

* Begin compilation:
<pre>
make install clean
</pre>
#* Currently the port will fail with output similar to the following:
<pre>
mod_evasive20.c: In function 'access_checker':
mod_evasive20.c:142: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:146: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:158: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:165: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:180: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:187: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:208: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:212: warning: implicit declaration of function 'getpid'
mod_evasive20.c:215: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:221: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:222: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:228: error: 'conn_rec' has no member named 'remote_ip'
apxs:Error: Command failed with rc=65536
.
*** [do-build] Error code 1

Stop in /usr/ports/www/mod_evasive.
</pre>

* Fix the mod_evasive source in the port's work directory (Apache 2.4 renamed the @remote_ip@ member of @conn_rec@ to @client_ip@):
<pre>
sed -i '' -e 's/remote_ip/client_ip/g' work/mod_evasive/mod_evasive20.c
</pre>

* Then finish installing mod_evasive:
<pre>
make install clean
</pre>

* Create the mod_evasive config file or edit the Apache httpd.conf file:
<pre>
vi /usr/local/etc/apache24/modules.d/010_mod_evasive.conf /usr/local/etc/apache24/httpd.conf
</pre>
#* And add the following:
<pre>
LoadModule evasive20_module libexec/apache24/mod_evasive20.so
<IfModule evasive20_module>
  # Increases size of hash table. Good, but uses more RAM.
  DOSHashTableSize 3097
  # Interval, in seconds, of the page interval.
  DOSPageInterval 1
  # Interval, in seconds, of the site interval.
  DOSSiteInterval 1
  # Period, in seconds, a client is blocked. The counter is reset to 0 with every access within this interval.
  DOSBlockingPeriod 10
  # Threshold of requests per page, per page interval. If hit == block.
  DOSPageCount 2
  # Threshold of requests for any object by the same IP, on the same listener, per site interval.
  DOSSiteCount 50
  # Locking mechanism prevents repeated calls. Email can be sent when host is blocked (leverages the following by default "/bin/mail -t %s")
  DOSEmailNotify admin@example.com
  # Locking mechanism prevents repeated calls. A command can be executed when a host is blocked. %s is the host IP.
  #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
  #DOSLogDir "/var/lock/mod_evasive"
  # Whitelist an IP; leverage wildcards, not CIDR, like 127.0.0.*
  #DOSWhiteList 127.0.0.1
</IfModule>
</pre>

* Restart apache24 to enable mod_evasive:
<pre>
service apache24 restart
</pre>

* Now check to see that the module loaded correctly:
<pre>
apachectl -M
</pre>
#* _Truncated output_
<pre>
Loaded Modules:
...
evasive20_module (shared)
</pre>
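
How the thresholds in the configuration above interact can be seen by replaying constructed request timelines through a simplified model. This is an added example, not part of the original guide and not mod_evasive's own code; the names @EvasiveModel@ and @replay@ are hypothetical, and the model assumes fixed counting windows and that the request exceeding a threshold is the one refused.

```python
# Simplified model of the thresholds configured above; NOT mod_evasive's source.
# Assumptions: fixed counting windows, and a client is refused on the request
# that exceeds a threshold.
CONFIG = {  # values copied from the configuration on this page
    "DOSPageInterval": 1, "DOSPageCount": 2,
    "DOSSiteInterval": 1, "DOSSiteCount": 50,
    "DOSBlockingPeriod": 10,
}


class EvasiveModel:
    def __init__(self, cfg=CONFIG):
        self.cfg = cfg
        self.hits = {}     # counter key -> (window start, hits in window)
        self.blocked = {}  # client IP -> time of its last refused request

    def _exceeds(self, key, now, interval, limit):
        start, count = self.hits.get(key, (now, 0))
        if now - start >= interval:  # window expired, start a new one
            start, count = now, 0
        self.hits[key] = (start, count + 1)
        return count + 1 > limit

    def request(self, ip, uri, now):
        """Return 403 if the request would be refused, else 200."""
        c = self.cfg
        last = self.blocked.get(ip)
        if last is not None and now - last < c["DOSBlockingPeriod"]:
            self.blocked[ip] = now  # any hit while blocked restarts the period
            return 403
        self.blocked.pop(ip, None)
        page = self._exceeds((ip, uri), now, c["DOSPageInterval"], c["DOSPageCount"])
        site = self._exceeds((ip,), now, c["DOSSiteInterval"], c["DOSSiteCount"])
        if page or site:
            self.blocked[ip] = now
            return 403
        return 200


def replay(events, cfg=CONFIG):
    """events: iterable of (ip, uri, seconds); returns the status of each."""
    model = EvasiveModel(cfg)
    return [model.request(ip, uri, t) for ip, uri, t in events]


# Constructed sample: one client reloads a page three times in half a second,
# retries while blocked, then waits out the full blocking period.
RELOADS = [("192.0.2.10", "/index.html", t) for t in (0.0, 0.25, 0.5, 5.0, 14.0, 24.0)]

if __name__ == "__main__":
    print(replay(RELOADS))
```

Under these assumptions a third reload of the same page within one second is refused, and each retry during the block restarts the 10-second period, so @DOSPageCount 2@ is worth checking against real traffic before relying on it.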