network/mod_evasive: Added to 12.1 repository

1 files changed, 39 insertions, 0 deletions

diff --git a/network/mod_evasive/README b/network/mod_evasive/README
new file mode 100644
index 0000000000..5cebd45147
--- /dev/null
+++ b/network/mod_evasive/README
@@ -0,0 +1,39 @@
+mod_evasive maneuvers module for Apache to provide evasive action in the event
+of an HTTP DoS or DDoS attack or brute force attack. It is also designed
+to be a detection and network management tool, and can be easily configured
+to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently
+reports abuses via email and syslog facilities.
+
+Detection is performed by creating an internal dynamic hash table of IP
+Addresses and URIs, and denying any single IP address from any of the
+following:
+
+
+    * Requesting the same page more than a few times per second
+    * Making more than 50 concurrent requests on the same child per second
+    * Making any requests while temporarily blacklisted (on a blocking list)
+
+
+To enable it edit /etc/httpd/httpd.conf to have like the following:
+
+LoadModule evasive20_module lib/httpd/modules/mod_evasive20.so
+
+<IfModule mod_evasive20.c>
+    DOSHashTableSize    3097
+    DOSPageCount        2
+    DOSSiteCount        50
+    DOSPageInterval     1
+    DOSSiteInterval     1
+    DOSBlockingPeriod   10
+</IfModule>
+
+
+To test enter the following command:
+
+	perl /usr/doc/mod_evasive-$VERSION/test.pl | more
+
+Which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden
+
+mod_evasive is fully tweakable through the Apache configuration file, see
+the READE file in /usr/doc/mod_evasive-$VERSION for configuration details.
+