mod_evasive ignores thresholds?

Andrea Venturoli ml at netfence.it
Wed Jul 6 09:08:43 UTC 2016 

Hello.

I'm trying to set up mod_evasive on a 9.3/i386 box running Apache 2.2.

The server features (among other things) the CalDAV/CardDAV protocol, so 
it's quite normal clients will issue several requests in a row.
I would think these would NOT be considered the same identical request, 
but I understand mod_evasive is not so smart, so I tried raising the 
threshold.
Now in my config I have:

> <IfModule evasive_module>
>     DOSHashTableSize    1024
>     DOSPageCount        50
>     DOSSiteCount        150
>     DOSPageInterval     2
>     DOSSiteInterval     2
>     DOSBlockingPeriod   10
> </IfModule>

In spite of this (50/150 requests in 2 seconds), the clients are always 
blocked after the fifth request:

> 10.1.2.18 - - [06/Jul/2016:10:50:54 +0200] "OPTIONS /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "PROPFIND /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 207 1826 "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "OPTIONS /cal.php/calendars/xxxxxx/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "PROPFIND /cal.php/principals/xxxxxx/ HTTP/1.1" 207 909 "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "OPTIONS /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 200 - "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"
> [Wed Jul 06 10:50:55 2016] [error] [client 10.1.2.18] client denied by server configuration: /usr/local/www/baikal/html/cal.php
> 10.1.2.18 - - [06/Jul/2016:10:50:55 +0200] "REPORT /cal.php/calendars/xxxxxx/default/ HTTP/1.1" 403 235 "-" "Mozilla/5.0 (X11; FreeBSD i386; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 Lightning/4.7.1"



Is it a bug?
Is mod_evasive incompatible with DAV?
Am I getting it all wrong?

  bye & Thanks
	av.

More information about the freebsd-ports mailing list