mod_evasive enabled globally, disabled per VirtualHost?

Helicon Ape provides support for Apache .htacces and .htpasswd configuration files for Microsoft IIS.
User avatar
Posts: 11
Joined: 23 Jul 2014, 04:32
Location: Groningen, the Netherlands

mod_evasive enabled globally, disabled per VirtualHost?

23 Jul 2014, 04:40

Hi. I'm trying to accomplish the following scenario in my httpd.conf: to enable mod_evasive globally -for all sites- on a webserver, but the module has to be disabled on a per website (VirtualHost) basis if necessary. I couldn't find any reference on how to accomplish this in the documentation or through Google, is this set up possible? Something in the line of:

<VirtualHost example.com http://www.example.com>
# disable mod_evasive
</VirtualHost>

<VirtualHost *>
LoadModule evasive_module modules/mod_evasive.so
</VirtualHost>

Otherwise I'd have to enable mod_evasive globally, and disable Helicon Ape completely as a module per website (web.config, <modules><remove name="Helicon.Ape"/>) and I wouldn't want that.

It would even be better when the module could be disabled in a website's .htaccess file (SetEnv if mod_evasive is loaded en then UnSetEnv that var?)

User avatar
Posts: 871
Joined: 12 Mar 2012, 09:54

Re: mod_evasive enabled globally, disabled per VirtualHost?

23 Jul 2014, 09:39

Hello,

You can't Put LoadModule directive inside VirtualHost. It should be enabled globally.
Then you put nothing for VirtualHost you want to exclude and use the mod_evasive rules for the rest of the hosts (*):

LoadModule evasive_module modules/mod_evasive.so

<VirtualHost example.com http://www.example.com>;
# nothing
</VirtualHost>

<VirtualHost *>
#Turn on

#optional directive (default value equals to 1024)
DOSHashTableSize 1024

#obligatory directives (if even one of them is not set, malfunctioning is possible)
DOSPageCount 10
DOSSiteCount 150
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</VirtualHost>

Please try and report the results.
Also, it would be good to know what exactly you are trying to achieve using mod_evasive. We might be able to provide a better solution.

User avatar
Posts: 11
Joined: 23 Jul 2014, 04:32
Location: Groningen, the Netherlands

Re: mod_evasive enabled globally, disabled per VirtualHost?

23 Jul 2014, 10:12

Hi Anton, thank you for your reply.

I'm trying to implement basic anti HTTP DDoS/brute-force security measures, either with Helicon Ape's mod_evasive or IIS Dynamic IP
Restrictions.

Unfortunately, your suggestion doesn't work. I now have in my httpd.conf (and executed an iisreset after saving the httpd.conf):

[all loaded modules here]
LoadModule evasive_module modules/mod_evasive.so

<VirtualHost example.com example.com>
# nothing
</VirtualHost>

<VirtualHost *>
LoadModule evasive_module modules/mod_evasive.so

#optional directive (default value equals to 1024)
DOSHashTableSize 1024

#obligatory directives (if even one of them is not set, malfunctioning is possible)
DOSPageCount 10
DOSSiteCount 150
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 120
</VirtualHost>

And my client is still blocked on example.com after 10 requests (I use the 'ab' utility):

$ GET -uUsSed example.com
GET example.com
User-Agent: lwp-request/2.07

GET example.com --> 200 OK
[!snip!]

# ab -n 30 -c 11 http://www.example.com:80/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0

Server Software: Microsoft-IIS/8.0
Server Hostname: http://www.example.com
Server Port: 80


Complete requests: 30
Failed requests: 8
(Connect: 0, Length: 8, Exceptions: 0)
Write errors: 0
Non-2xx responses: 22

and directly after that:

Complete requests: 30
Failed requests: 0
Write errors: 0
Non-2xx responses: 30


$ GET -uUsSed example.com

GET example.com
User-Agent: lwp-request/2.07

GET example.com --> 403 Forbidden

(I had to break some URLs here and there: "Your message contains too many URLs. The maximum number of URLs allowed is 5.")

Regards,
Jan

User avatar
Posts: 11
Joined: 23 Jul 2014, 04:32
Location: Groningen, the Netherlands

Re: mod_evasive enabled globally, disabled per VirtualHost?

24 Jul 2014, 07:43

Apparantly, the port number is mandatory in a <VirtualHost> directive? It works now with the following config:

LoadModule evasive_module modules/mod_evasive.so

<VirtualHost example.com:80>
# Nothing
</VirtualHost>

<VirtualHost *:80>
<IfModule evasive_module>
# Optional directive (default value equals to 1024)
DOSHashTableSize 2048

# Obligatory directives (if even one of them is not set, malfunctioning is possible)
DOSPageCount 10
DOSSiteCount 150
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 120
#DOSCloseSocket Off
</IfModule>
</VirtualHost>

Without the :80 it doesn't work.

User avatar
Posts: 871
Joined: 12 Mar 2012, 09:54

Re: mod_evasive enabled globally, disabled per VirtualHost?

24 Jul 2014, 10:21

Hello,

It seems like a bug with <VirtualHost *>
Thanks for pointing at it.

User avatar
Posts: 11
Joined: 23 Jul 2014, 04:32
Location: Groningen, the Netherlands

Re: mod_evasive enabled globally, disabled per VirtualHost?

25 Jul 2014, 03:56

Anton wrote:Hello,

It seems like a bug with <VirtualHost *>
Thanks for pointing at it.


Ah great, thanks.

Return to Helicon Ape

Who is online

Users browsing this forum: No registered users and 3 guests