mod_evasive ignores thresholds?
Andrea Venturoli
ml at netfence.it
Wed Jul 6 09:08:43 UTC 2016
Hello.
I'm trying to set up mod_evasive on a 9.3/i386 box running Apache 2.2.
The server features (among other things) the CalDAV/CardDAV protocol, so
it's quite normal clients will issue several requests in a row.
I would think these would NOT be considered the same identical request,
but I understand mod_evasive is not so smart, so I tried raising the
threshold.
Now in my config I have:
> <IfModule evasive_module>
> DOSHashTableSize 1024
> DOSPageCount 50
> DOSSiteCount 150
> DOSPageInterval 2
> DOSSiteInterval 2
> DOSBlockingPeriod 10
> </IfModule>
In spite of this (50/150 requests in 2 seconds), the clients are always
blocked after the fifth request:
> 10.1.2.18 - - [06/Jul/2016:10:50:54 +0200] "OPTIONS /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "PROPFIND /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 207 1826 "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "OPTIONS /cal.php/calendars/xxxxxx/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "PROPFIND /cal.php/principals/xxxxxx/ HTTP/1.1" 207 909 "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "OPTIONS /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> [Wed Jul 06 10:50:55 2016] [error] [client 10.1.2.18] client denied by server configuration: /usr/local/www/baikal/html/cal.php
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "REPORT /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 403 235 "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
Is it a bug?
Is mod_evasive incompatible with DAV?
Am I getting it all wrong?
bye & Thanks
av.
More information about the freebsd-ports
mailing list