Support #562

Updated by Daniel Curtis almost 10 years ago

{{>toc}} 

 This is a simple guide for installing and configuring mod_evasive for Apache 2.4 on FreeBSD 9.2. 

 * Update the system and ports tree: 
 <pre> 
 pkg update && pkg upgrade 
 portsnap fetch extract 
 </pre> 

 * Install git: 
 <pre> 
 pkg install git 
 </pre> 

 --- 

 h1. Install mod_evasive 

 * Edit the mod_evasive Makefile: 
 <pre> 
 cd /usr/ports/www/mod_evasive 
 vi Makefile 
 </pre> 
 #* And change the line *USE_APACHE=22* to: 
 <pre> 
 USE_APACHE=       24 
 </pre> 

 * Begin compilation: 
 <pre> 
 make install clean 
 </pre> 
 #* Currently the port will fail to build with output similar to the following: 
 <pre> 
 mod_evasive20.c: In function 'access_checker': 
 mod_evasive20.c:142: error: 'conn_rec' has no member named 'remote_ip' 
 mod_evasive20.c:146: error: 'conn_rec' has no member named 'remote_ip' 
 mod_evasive20.c:158: error: 'conn_rec' has no member named 'remote_ip' 
 mod_evasive20.c:165: error: 'conn_rec' has no member named 'remote_ip' 
 mod_evasive20.c:180: error: 'conn_rec' has no member named 'remote_ip' 
 mod_evasive20.c:187: error: 'conn_rec' has no member named 'remote_ip' 
 mod_evasive20.c:208: error: 'conn_rec' has no member named 'remote_ip' 
 mod_evasive20.c:212: warning: implicit declaration of function 'getpid' 
 mod_evasive20.c:215: error: 'conn_rec' has no member named 'remote_ip' 
 mod_evasive20.c:221: error: 'conn_rec' has no member named 'remote_ip' 
 mod_evasive20.c:222: error: 'conn_rec' has no member named 'remote_ip' 
 mod_evasive20.c:228: error: 'conn_rec' has no member named 'remote_ip' 
 apxs:Error: Command failed with rc=65536 
 . 
 *** [do-build] Error code 1 

 Stop in /usr/ports/www/mod_evasive. 
 </pre> 

 * Patch the extracted source in the port's work directory. Apache 2.4 renamed the @remote_ip@ member of @conn_rec@ to @client_ip@, which is what the build errors above refer to: 
 <pre> 
 sed -i '' -e 's/remote_ip/client_ip/g' work/mod_evasive/mod_evasive20.c 
 </pre> 

 * Then finish installing mod_evasive: 
 <pre> 
 make install clean 
 </pre> 

 * Create the mod_evasive config file: 
 <pre> 
 vi /usr/local/etc/apache24/modules.d/010_mod_evasive.conf 
 </pre> 
 #* And add the following: 
 <pre> 
 LoadModule evasive20_module     libexec/apache24/mod_evasive20.so 

 <IfModule evasive20_module> 
 # Size of the hash table used to track clients. Larger is faster but uses more RAM. 
 DOSHashTableSize      3097 
 # Page interval, in seconds: the window in which hits on the same URI are counted. 
 DOSPageInterval       1 
 # Site interval, in seconds: the window in which hits on any URI are counted. 
 DOSSiteInterval       1 
 # Period, in seconds, a client stays blocked. Every request from the blocked client within this period restarts the timer. 
 DOSBlockingPeriod     10 
 # Threshold of requests for the same page, per page interval. Reaching it blocks the client. 
 DOSPageCount          2 
 # Threshold of requests for any object by the same IP, on the same listener, per site interval. 
 DOSSiteCount          50 
 # Email sent when a host is blocked (by default via "/bin/mail -t %s"). A lock file prevents repeated notifications for the same host. 
 DOSEmailNotify        admin@example.com 
 # A command can be executed when a host is blocked; %s is the host IP. The same lock file prevents repeated calls. 
 #DOSSystemCommand      "su - someuser -c '/sbin/... %s ...'" 
 # Directory for the lock files used by DOSEmailNotify and DOSSystemCommand. 
 #DOSLogDir             "/var/lock/mod_evasive" 
 # Whitelist an IP. Wildcards such as 127.0.0.* are supported; CIDR notation is not. 
 #DOSWhiteList 127.0.0.1 
 </IfModule> 
 </pre> 

 * Restart apache24 to enable mod_evasive: 
 <pre> 
 service apache24 restart 
 </pre> 

 * Now check to see that the module loaded correctly: 
 <pre> 
 apachectl -M 
 </pre> 
 #* _Truncated output_ 
 <pre> 
 Loaded Modules: 
  ... 
  evasive20_module (shared) 
 </pre> 
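To see what the thresholds in @010_mod_evasive.conf@ above actually do before enabling the module, the following Python script is an added example (not code from this page or from the mod_evasive project). It replays Apache access-log lines against a model of the module's counters: hits on one URI per client within @DOSPageInterval@, hits on any URI per client within @DOSSiteInterval@, and the @DOSBlockingPeriod@ timer that restarts on every refused request. Running it over a day of real logs shows which clients would have been blocked and whether @DOSPageCount 2@ per second also catches legitimate browsers. Assumptions: the counter starts at 1 on the first hit and the request that reaches the threshold is the first one refused; the exact off-by-one of the module's C code is not reproduced. The log lines are constructed sample data.

```python
"""Replay Apache access-log lines against mod_evasive-style thresholds (added example)."""
import re
from datetime import datetime

# Common log format: client ident user [time] "METHOD URI PROTO" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Values from the 010_mod_evasive.conf above. DOSHashTableSize only sizes
# memory and does not change the decision, so it is left out.
SETTINGS = {
    "DOSPageInterval": 1,
    "DOSSiteInterval": 1,
    "DOSBlockingPeriod": 10,
    "DOSPageCount": 2,
    "DOSSiteCount": 50,
    "DOSWhiteList": ["127.0.0.*"],
}


def is_whitelisted(ip, patterns):
    """DOSWhiteList match: exact IP or trailing-octet wildcards (a.b.c.*, a.b.*.*, a.*.*.*)."""
    octets = ip.split(".")
    if len(octets) != 4:
        return ip in patterns
    candidates = [ip] + [".".join(octets[:n] + ["*"] * (4 - n)) for n in (3, 2, 1)]
    return any(c in patterns for c in candidates)


class EvasiveSimulator:
    def __init__(self, settings):
        self.s = settings
        self.page = {}     # (ip, uri) -> [count, last_seen]
        self.site = {}     # ip -> [count, last_seen]
        self.blocked = {}  # ip -> time of the last refused request

    def request(self, ip, uri, t):
        """Return 403 if the request would be refused, otherwise 200."""
        if is_whitelisted(ip, self.s["DOSWhiteList"]):
            return 200
        # A blocked client stays blocked while it keeps sending requests:
        # each refused request restarts the DOSBlockingPeriod timer.
        if ip in self.blocked:
            if t - self.blocked[ip] < self.s["DOSBlockingPeriod"]:
                self.blocked[ip] = t
                return 403
            del self.blocked[ip]
        page_hit = self._count(self.page, (ip, uri), t,
                               self.s["DOSPageInterval"], self.s["DOSPageCount"])
        site_hit = self._count(self.site, ip, t,
                               self.s["DOSSiteInterval"], self.s["DOSSiteCount"])
        if page_hit or site_hit:
            self.blocked[ip] = t
            return 403
        return 200

    @staticmethod
    def _count(table, key, t, interval, limit):
        """Bump the counter for key; True when it reaches limit inside the interval."""
        entry = table.get(key)
        if entry is not None and t - entry[1] < interval:
            entry[0] += 1
            entry[1] = t
            return entry[0] >= limit
        table[key] = [1, t]  # first hit, or the previous hit fell outside the interval
        return False


def replay(log_lines, settings=SETTINGS):
    """Replay log lines in time order; return {ip: number of requests refused}."""
    parsed = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            ip, ts, _method, uri = m.groups()
            uri = uri.split("?", 1)[0]  # the module keys on r->uri, which carries no query string
            parsed.append((datetime.strptime(ts, TIME_FMT).timestamp(), ip, uri))
    parsed.sort(key=lambda p: p[0])
    sim = EvasiveSimulator(settings)
    refused = {}
    for t, ip, uri in parsed:
        if sim.request(ip, uri, t) == 403:
            refused[ip] = refused.get(ip, 0) + 1
    return refused


# Constructed sample log: 203.0.113.5 hammers /index.php, 198.51.100.7 loads one
# page with its assets, 127.0.0.1 is a local health check covered by the whitelist.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2014:13:55:36 +0000] "GET /index.php HTTP/1.0" 200 512',
    '203.0.113.5 - - [10/Oct/2014:13:55:36 +0000] "GET /index.php?1 HTTP/1.0" 200 512',
    '203.0.113.5 - - [10/Oct/2014:13:55:37 +0000] "GET /index.php HTTP/1.0" 200 512',
    '198.51.100.7 - - [10/Oct/2014:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2014:13:55:36 +0000] "GET /style.css HTTP/1.1" 200 128',
    '198.51.100.7 - - [10/Oct/2014:13:55:36 +0000] "GET /logo.png HTTP/1.1" 200 4096',
    '127.0.0.1 - - [10/Oct/2014:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512',
    '127.0.0.1 - - [10/Oct/2014:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))  # {'203.0.113.5': 2}
```

Feed it the real access log (@replay(open("/var/log/httpd-access.log").readlines())@) and adjust @SETTINGS@ until only the abusive clients are listed. One caveat the replay makes visible: the module keys on the client address as Apache sees it, so behind a reverse proxy without mod_remoteip every visitor shares the proxy's address, and a single site-count block refuses all of them.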

 --- 

 h1. Testing mod_evasive 

 h2. Using Perl 

 * On a remote machine, create @test-evasive.pl@: 
 <pre> 
 vi test-evasive.pl 
 </pre> 
 #* And add the following: 
 <pre> 
 #!/usr/bin/perl 
 # test-evasive.pl: small script to test mod_evasive's effectiveness 
 
 use strict; 
 use IO::Socket; 
 
 # Send 101 requests in quick succession and print each status line; once 
 # mod_evasive blocks the client the status changes from 200 to 403 Forbidden. 
 for(0..100) { 
   my($response); 
   my($SOCKET) = new IO::Socket::INET( Proto     => "tcp", 
                                       PeerAddr=> "www.example.com:80"); 
   if (! defined $SOCKET) { die $!; } 
   print $SOCKET "GET /?$_ HTTP/1.0\n\n"; 
   $response = <$SOCKET>; 
   print $response; 
   close($SOCKET); 
 } 
 </pre> 
 *NOTE*: Change the @PeerAddr@ value to the host and port of the server to be tested. 

 * Once the file is saved, run it: 
 <pre> 
 perl test-evasive.pl 
 </pre> 

 h2. Using Apache Bench 

 * Alternatively, use @ab@, the Apache HTTP server benchmarking tool, against a single URL: 
 <pre> 
 ab -n1000 -c1000 http://www.example.com/index.php 
 </pre> 
 #* @-n@: number of requests to perform for the benchmarking session. 
 #* @-c@: number of requests to perform concurrently. 

 h2. Resources 

 * http://xmodulo.com/harden-apache-web-server-mod_security-mod_evasive-centos.html
