Support #562
Updated by Daniel Curtis almost 10 years ago
{{>toc}}

This is a simple guide for installing and configuring mod_evasive for Apache 2.4 on FreeBSD 9.2.

* Update the system and ports tree:
<pre>
pkg update && pkg upgrade
portsnap fetch extract
</pre>
* Install git:
<pre>
pkg install git
</pre>

---

h1. Install mod_evasive

* Edit the mod_evasive Makefile:
<pre>
cd /usr/ports/www/mod_evasive
vi Makefile
</pre>
#* And change the line *USE_APACHE=22* to:
<pre>
USE_APACHE= 24
</pre>
* Begin compilation:
<pre>
make install clean
</pre>
#* Currently the port will fail with output similar to the following:
<pre>
mod_evasive20.c: In function 'access_checker':
mod_evasive20.c:142: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:146: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:158: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:165: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:180: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:187: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:208: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:212: warning: implicit declaration of function 'getpid'
mod_evasive20.c:215: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:221: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:222: error: 'conn_rec' has no member named 'remote_ip'
mod_evasive20.c:228: error: 'conn_rec' has no member named 'remote_ip'
apxs:Error: Command failed with rc=65536
.
*** [do-build] Error code 1

Stop in /usr/ports/www/mod_evasive.
</pre>
* Patch the extracted source in the port's work directory (Apache 2.4 renamed @remote_ip@ to @client_ip@):
<pre>
sed -i '' -e 's/remote_ip/client_ip/g' work/mod_evasive/mod_evasive20.c
</pre>
* Then finish installing mod_evasive:
<pre>
make install clean
</pre>
* Create the mod_evasive config file:
<pre>
vi /usr/local/etc/apache24/modules.d/010_mod_evasive.conf
</pre>
#* And add the following:
<pre>
LoadModule evasive20_module libexec/apache24/mod_evasive20.so

<IfModule evasive20_module>
    # Size of the hash table. Larger is faster but uses more RAM.
    DOSHashTableSize 3097

    # Length, in seconds, of the page interval.
    DOSPageInterval 1

    # Length, in seconds, of the site interval.
    DOSSiteInterval 1

    # Period, in seconds, a client is blocked. The timer is reset with every access within this period.
    DOSBlockingPeriod 10

    # Threshold of requests for the same page, per page interval. Reaching it blocks the client.
    DOSPageCount 2

    # Threshold of requests for any object by the same IP, on the same listener, per site interval.
    DOSSiteCount 50

    # An email can be sent when a host is blocked (by default via "/bin/mail -t %s").
    # A locking mechanism prevents repeated notifications for the same host.
    DOSEmailNotify admin@example.com

    # A command can be executed when a host is blocked; %s is the host IP.
    # The same locking mechanism prevents repeated calls.
    #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
    #DOSLogDir "/var/lock/mod_evasive"

    # Whitelist an IP. Wildcards are supported, CIDR notation is not, e.g. 127.0.0.*
    #DOSWhiteList 127.0.0.1
</IfModule>
</pre>
* Restart apache24 to enable mod_evasive:
<pre>
service apache24 restart
</pre>
* Now check that the module loaded correctly:
<pre>
apachectl -M
</pre>
#* _Truncated output_
<pre>
Loaded Modules:
...
 evasive20_module (shared)
</pre>

---

h1. Testing mod_evasive

h2. Using Perl

* On a remote machine, create test-evasive.pl:
<pre>
vi test-evasive.pl
</pre>
#* And add the following:
<pre>
#!/usr/bin/perl
# test-evasive.pl: small script to test mod_evasive's effectiveness
use IO::Socket;
use strict;

for (0..100) {
    my ($response);
    # one new connection per request, each with a different query string
    my ($SOCKET) = new IO::Socket::INET(
        Proto    => "tcp",
        PeerAddr => "www.example.com:80");
    if (!defined $SOCKET) { die $!; }
    print $SOCKET "GET /?$_ HTTP/1.0\n\n";
    $response = <$SOCKET>;
    print $response;
    close($SOCKET);
}
</pre>
*NOTE*: Change the *@PeerAddr@* value to the host to be tested.
* Once the file is saved, run it:
<pre>
perl test-evasive.pl
</pre>

h2. Using Apache Bench

* Apache server benchmarking tool:
<pre>
ab -n1000 -c1000 http://www.example.com/index.php
</pre>
#* -n: number of requests to perform for the benchmarking session.
#* -c: number of multiple requests to perform at a time.

h2. Resources

* http://xmodulo.com/harden-apache-web-server-mod_security-mod_evasive-centos.html
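Before hitting a live server with the Perl script or ab, it helps to reason about what the thresholds in the config file above will do. The following Python script is an added example, not code from this guide or from mod_evasive itself: it is a simplified model of the decision logic the directives describe (a per-page and a per-site hit counter that restart when the previous hit is older than the interval, a blocking period that every hit from a blocked client refreshes, and a whitelist), replayed over constructed request timestamps. It keys page hits on the request path without the query string, as the module's r->uri-based hash key does, which is why the Perl script's @GET /?N@ requests all count against one page. The whitelist here is exact-match only, and the exact counting boundary is a simplification; the IP addresses and timings are made up.

```python
"""Model of the mod_evasive thresholds configured above.

Added example: not code from the guide or from mod_evasive. It re-implements
the decision logic the directives describe so that a config change can be
reasoned about before testing it against a live server.
"""
from dataclasses import dataclass, field


@dataclass
class EvasiveConfig:
    page_interval: float = 1.0       # DOSPageInterval, seconds
    page_count: int = 2              # DOSPageCount
    site_interval: float = 1.0       # DOSSiteInterval, seconds
    site_count: int = 50             # DOSSiteCount
    blocking_period: float = 10.0    # DOSBlockingPeriod, seconds
    whitelist: tuple = ("127.0.0.1",)  # DOSWhiteList; exact match only in this model


@dataclass
class EvasiveState:
    page_hits: dict = field(default_factory=dict)   # "ip path" -> (last_seen, count)
    site_hits: dict = field(default_factory=dict)   # ip -> (last_seen, count)
    blocked: dict = field(default_factory=dict)     # ip -> time of the most recent blocked hit


def _count_hit(table, key, now, interval):
    """Increment the counter for key if the previous hit fell inside the interval, else restart at 1."""
    last, count = table.get(key, (None, 0))
    count = count + 1 if last is not None and now - last < interval else 1
    table[key] = (now, count)
    return count


def check_request(cfg, state, ip, uri, now):
    """Return 'OK' or 'FORBIDDEN' for one request, updating the state."""
    if ip in cfg.whitelist:
        return "OK"
    last_block = state.blocked.get(ip)
    if last_block is not None:
        if now - last_block < cfg.blocking_period:
            state.blocked[ip] = now       # a hit inside the period restarts the timer
            return "FORBIDDEN"
        del state.blocked[ip]             # period elapsed without hits: client is released
    path = uri.split("?", 1)[0]           # key on the path only, like r->uri
    page_hits = _count_hit(state.page_hits, f"{ip} {path}", now, cfg.page_interval)
    site_hits = _count_hit(state.site_hits, ip, now, cfg.site_interval)
    if page_hits >= cfg.page_count or site_hits >= cfg.site_count:
        state.blocked[ip] = now
        return "FORBIDDEN"
    return "OK"


def replay(cfg, requests):
    """Run a list of (time, ip, uri) tuples through a fresh state and return the verdicts."""
    state = EvasiveState()
    return [check_request(cfg, state, ip, uri, t) for t, ip, uri in requests]


# Constructed request sequences (documentation address ranges, not real traffic).
BURST = [  # roughly what the Perl script produces: rapid GET /?N from one host
    (0.0, "198.51.100.7", "/?0"),
    (0.1, "198.51.100.7", "/?1"),
    (0.2, "198.51.100.7", "/?2"),
    (5.0, "198.51.100.7", "/?3"),
    (14.0, "198.51.100.7", "/?4"),   # 9 s after the last blocked hit: still inside the refreshed period
    (25.0, "198.51.100.7", "/?5"),   # 11 s of silence: released
]
SLOW = [(t, "203.0.113.9", "/index.php") for t in (0.0, 2.0, 4.0)]   # one page every 2 s
LOCAL = [(t, "127.0.0.1", "/") for t in (0.0, 0.01, 0.02)]           # whitelisted burst

if __name__ == "__main__":
    for name, seq in (("burst", BURST), ("slow", SLOW), ("whitelisted", LOCAL)):
        print(name, replay(EvasiveConfig(), seq))
```

The burst sequence shows the point of DOSBlockingPeriod being refreshed on every hit: a client that keeps retrying never gets out of the block, while the same client stays clear as long as it leaves DOSPageInterval between requests to the same page. Lowering @site_count@ in the config object shows the site-wide counter tripping even when every request goes to a different page.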