
Apache mod_evasive whitelist is not working properly.

We have a weird situation: we have configured mod_evasive with Apache 2.4 on Ubuntu 14. We have added Google bot IPs to the whitelist (we are maintaining a long list of internal and external IPs in the whitelist), but Google IPs are still blocked by mod_evasive.

We have checked mod_evasive functionality; it is working fine (we have tested with the Apache benchmark tool by adding an IP to the whitelist). The following is the configuration. Originally IP 66.249.66.5 is part of subnet 66.249.64.0/19, but we have added it with 24 and 32 subnets.

   <ifmodule mod_evasive20.c>
   DOSHashTableSize 3097
   DOSPageCount  8
   DOSSiteCount  50
   DOSPageInterval 1
   DOSSiteInterval  3
   DOSBlockingPeriod  600
   DOSLogDir   /var/log/mod_evasive
   DOSEmailNotify  [email protected]
   DOSWhitelist 66.249.66.5 66.249.0.0/16 66.249.64.0/19
   </ifmodule>

   root@ip-10:~# apachectl -M | grep -i ev
    evasive20_module (shared)
Mudasar Yasin asked Feb 02 '16 05:02


People also ask

What is the mod_evasive Apache module?

The mod_evasive Apache module, formerly known as mod_dosevasive, helps protect against DoS, DDoS (Distributed Denial of Service), and brute force attacks on the Apache web server. It can provide evasive action during attacks and report abuses via email and syslog facilities.

What is the purpose of whitelisting in Apache?

The purpose of whitelisting is to protect software, scripts, local search bots, or other automated tools from being denied for requesting large amounts of data from the server. To whitelist an IP address, for example 111.111.111.111, add an entry for it to the configuration file.

How does the mod_evasive Apache utility work?

The mod_evasive Apache utility works by monitoring incoming server requests. The tool also watches for suspicious activity from one IP, such as: Several requests for the same page in one second. More than 50 simultaneous requests per second. Requests made while the IP is temporarily blacklisted.

How to integrate mod_evasive with the firewall using DOSSystemCommand?

Another parameter is DOSSystemCommand. If a value is set, the command specified will be executed whenever an IP address is blacklisted. Using this parameter, you can integrate mod_evasive with the firewall installed on your server or a shell script and block the IP addresses blacklisted by mod_evasive in the firewall.


2 Answers

Based on https://www.linode.com/docs/websites/apache-tips-and-tricks/modevasive-on-apache you should be using wildcards and not subnetting. For example something like the following (which is not exactly what you had with subnetting):

   DOSWhitelist 66.249.*.*

cherouvim answered Sep 29 '22 20:09


Sometimes you need to block a /17 or /19, and a wildcard doesn't work for this situation. It would be nice if mod_evasive could really handle network subnet specifications.

Dreal answered Sep 29 '22 19:09
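An added example, not part of the original thread or of mod_evasive: because the whitelist takes wildcards rather than CIDR notation, a block such as the /19 from the question can be written as a set of octet-aligned wildcard entries that cover exactly that range. The function names are hypothetical, and the code assumes a wildcard stands for one whole octet, as in the `66.249.*.*` entry above.

```python
import ipaddress

def cidr_to_wildcards(cidr):
    """Expand an IPv4 CIDR block into octet-aligned wildcard patterns."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    if net.prefixlen == 0:
        raise ValueError("refusing to whitelist the whole IPv4 space")
    # Round the prefix up to the next octet boundary (8, 16, 24 or 32),
    # because a wildcard can only stand for a whole octet.
    aligned = -(-net.prefixlen // 8) * 8
    keep = aligned // 8
    patterns = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")
        patterns.append(".".join(octets[:keep] + ["*"] * (4 - keep)))
    return patterns

def is_covered(ip, patterns):
    """Octet-wise wildcard match (assumed semantics, used to check output)."""
    ip_octets = str(ipaddress.IPv4Address(ip)).split(".")
    return any(
        all(p in ("*", o) for p, o in zip(pat.split("."), ip_octets))
        for pat in patterns
    )

def whitelist_directives(cidrs):
    """Render one DOSWhitelist line per pattern, de-duplicated, in order."""
    seen = []
    for cidr in cidrs:
        for pat in cidr_to_wildcards(cidr):
            if pat not in seen:
                seen.append(pat)
    return ["DOSWhitelist " + pat for pat in seen]

if __name__ == "__main__":
    # The /19 from the question: 32 entries, 66.249.64.* .. 66.249.95.*
    for line in whitelist_directives(["66.249.64.0/19"]):
        print(line)
```

Expanding the /19 this way exempts only those 32 /24 ranges from rate limiting, whereas `66.249.*.*` exempts the entire /16.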