Lighttpd Mod_evasive Setting Up A Specific Conditional

Oct 24, 2007

I just started using lighttpd for download purpose.

I limited the number of connection per ip to 5 using mod_evasive .

When a user is downloading with a download manager the number of connection is reached to its maximum. I was wondering if there is a way to allow that same user to be able have 1 additional connection when an index.php is requested . That is, if the user is trying to view an index.php file it would ignore the rule evasive.max-conns-per-ip = 5 .

Each user have their download dir located on [url] in that same dir contains an index.php which contains login tab and integrated directory listing .

View 0 Replies


ADVERTISEMENT

Setting Up Download Server With Lighttpd

Aug 8, 2008

to getting a second server, specifically for downloads for my site. Without going into too much detail, my website requires that I get a separate server for downloads, and another for the webserver.

I've already gone ahead and configured the server I want; however, I'm trying to do something different from what I'm used to. I'd like to use Lighttpd, instead of apache, as well as not having cPanel installed on the server. I'd still have cPanel and Apache on my regular webserver, but I'd rather keep my download server relatively clean.

So, once I get my server, and I install Lighttpd, how do I go about setting up everything so that my two servers can communicate? I'd like the download server to be something like: download.mydomain.com , so would I have to set up an A Hostname on my webserver?

What are the steps I should take?

View 8 Replies View Related

Apache :: Conditional Use Of SSLVerifyClient Optional

Feb 17, 2014

I have been succesfully using a https-server with client certicates, and it works as expected with Windows clients.

With "SSLVerifyClient optional" in the virtual server configuration I can use client certificate with the browser on my own pc, and if I access pages from a random pc, I use username/password.

Recently I have used also an android tablet to access those ssl-pages and I'd like to skip client certificates on that android browser because they do not seem to work very well.

For that purpose I tried the following in the virtual server config:

Code:

<If "%{HTTP_USER_AGENT} =~ /Windows NT/">
SSLVerifyClient optional
</If>

The purpose is to skip asking certificates with any browser that is not running on Windows NT. It works as expected with the android browser on the tablet, but there is a strange side-effect when I use a Windows client as following lines start to appear into the ssl-error.log

Code:

AH02261: Re-negotiation handshake failed: Not accepted by client!?

Any clue what is the problem? How should I do this?

Server is Apache 2.4.7 32-bit.

View 1 Replies View Related

Apache :: How To Redirect Specific Useragent On Specific URLs

May 20, 2015

I have question: How to redirect specific useragent on specific URLs to specific URLs in .htaccess [Question]

E.g.:

I want to redirect 301 with conditional:

Code:
useragent: Firefox
from my url1: domain[dot]com/old-url1/
from my url2: domain[dot]com/old-url2/

to

Code:
to new url1: in my url1: domain[dot]com/new-url1/
to new url2: in my url1: domain[dot]com/new-url2/

I create this in my .htaccess but not work

Code:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} googlebot [NC]
RewriteRule ^/?this-is-url/?$ domain[dot]com [L,R,NC]

View 1 Replies View Related

Mod_evasive

Jun 21, 2007

I know this can be the most foolishly question on WHT but I'm looking for mod_evasive's download link, I tried googling and searching all forums but all links was dead

anybody can give me a link to get mod_evasive ? Ofcourse If you have a better idea than using of mod_evasive I'll be glad to hear

View 2 Replies View Related

Mod_evasive

Oct 14, 2007

We installed mod_evasive and ever since we are getting files like: dos-xxx.xxx.xxx.xxx, where xxx.xxx.xxx.xxx is an IP in our /tmp directory. The contents of the file is usually a 4 or 5 digit number and is owned by apache. Can anyone help me understand what this file is? Is it a product of mod_evasive? Can the files be deleted?

View 14 Replies View Related

Mod_evasive Log Content

Mar 24, 2008

I have a file named dos-1.2.13.4 (i changed the IP address in purpose) inside the log and inside the file there is a 4 digit number that is constantly changing. more

[root@myserver]# more dos-1.2.13.4
8726

What is 8726?

View 1 Replies View Related

Mod_evasive Installation

Feb 25, 2008

We are having problem with installing mod_evasive on our server. We tried installing it on our Virtual Machine that runs Fedora 7 (on our server, we have Fedora core 5), and on Virtual Machine it is fine, we can compile it and put it in our Apache2 conf file.

However, when we try

[root@ mod_evasive]# /usr/local/psa/admin/bin/apxs -i -a -c mod_evasive20.c
on the server, we get a

[root@ mod_evasive]# /usr/local/psa/admin/bin/apxs -i -a -c mod_evasive20.c
gcc -DHARD_SERVER_LIMIT=512 -DDEFAULT_PATH="/usr/local/psa/admin/bin:/bin:/usr/bin" -DLINUX=22 -DTARGET="httpsd" -DHAVE_SET_DUMPABLE -DNO_DBM_REWRITEMAP -DMOD_SSL=208122 -DEAPI -O -pipe -I/usr/include -O3 -fexpensive-optimizations -fstrength-reduce -pipe -DPLESK_Linux -I/home/builder/buildbot/psa-8.2.1-bfc7/build/plesk/lib/dist/include/libxml2 -W -Wall -DPLESK_Linux -I/home/builder/buildbot/psa-8.2.1-bfc7/build/plesk/plesk-utils/include -DBSG_CR -DBSG_MSG -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DHAS_RPM -DUSE_SLEEP_ON_IDLE -Wno-unused-parameter -fpic -DSHARED_MODULE -I/usr/local/psa/admin/include -c mod_evasive20.c ....

View 1 Replies View Related

Testing Mod_Evasive

Apr 2, 2007

I have 2 questions here.

1. I have installed mod_evasive version 1.10.1 on a Cent OS 4.4 server.

I'm using the test.pl script that comes with mod_evasive to test the configuration and when running the script from the same server mod_Evasive is installed. The mod_evasive is able to detect the intrusion and block the IP of the server.

If I use the same test.pl script from an external server the requests come in and are viewable in the access log but mod_evasive doesnt block the IP of the external server. Probably is not blocing the ip of the external server because of latency.

Is there a way to modify the test.pl script to make it more agressive and get results when testing from an external server?

Here I'm pasting the code of the test.pl script:

Code:
#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

for(0..100) {
my($response);
my($SOCKET) = new IO::Socket::INET( Proto => "tcp",
PeerAddr=> "test.domain.tld:80");
if (! defined $SOCKET) { die $!; }
print $SOCKET "GET /?$_ HTTP/1.0

";
$response = <$SOCKET>;
print $response;
close($SOCKET);
}

2. Also, I have sendmail installed and on the mod_evasive config I have email address specified on DOSEmailNotify. When testing from the internal server with the test.pl script the server is able to block the ip, put in the hash table but it never sends an email to my email address.

View 0 Replies View Related

Mod_evasive Settings

Mar 30, 2007

mod_evasive settings?

I cant find out the setting which would ban all bad IPs and will nto ban normal ones.

View 0 Replies View Related

Mod_Evasive Rules

Apr 1, 2007

Does anyone know any good mod_evasive rules that pick up DoS, but not many false positives? Just looking to see what works for everyone out there, been having trouble.

Or if there is better apache module to combat DoS.

View 3 Replies View Related

Error On Install Mod_evasive

Mar 25, 2009

i want to install mod on my centos Cpanel server. so i try:

cd /usr/local/src
wget mod_evasive_1.10.1.tar.gz
tar -zxf mod_evasive_1.10.1.tar.gz
cd mod_evasive
/usr/sbin/apxs -cia mod_evasive20.c

but when i run /usr/sbin/apxs -cia mod_evasive20.c there is some error for me :

[root@ mod_evasive]#/usr/sbin/apxs -cia mod_evasive20.c
-bash: /usr/sbin/apxs: No such file or directory

View 8 Replies View Related

Mod_evasive Is It Good To Install

Nov 27, 2008

and is it good to install or not?[url]

View 5 Replies View Related

Mod_Evasive - Testing Remotely

Apr 10, 2007

I have 2 questions here.

1. I have installed mod_evasive version 1.10.1 on a Cent OS 4.4 server.

I'm using the test.pl script that comes with mod_evasive to test the configuration and when running the script from the same server mod_Evasive is installed. The mod_evasive is able to detect the intrusion and block the IP of the server.

If I use the same test.pl script from an external server the requests come in and are viewable in the access log but mod_evasive doesnt block the IP of the external server.

Probably is not blocing the ip of the external server because of latency.

Is there a way to modify the test.pl script to make it more agressive and get results when testing from an external server?

Here I'm pasting the code of the test.pl script:

Quote:

#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO:ocket;
use strict;

for(0..100) {
my($response);
my($SOCKET) = new IO:ocket::INET( Proto => "tcp",
PeerAddr=> "test.domain.tld:80");
if (! defined $SOCKET) { die $!; }
print $SOCKET "GET /?$_ HTTP/1.0

";
$response = <$SOCKET>;
print $response;
close($SOCKET);
}

2. Also, I have sendmail installed and on the mod_evasive config I have email address specified on DOSEmailNotify. When testing from the internal server with the test.pl script the server is able to block the ip, put in the hash table but it never sends an email to my email address.

View 0 Replies View Related

Can I Turn Off Mod_evasive In .htaccess

Jul 30, 2007

Can I turn off mod_evasive in .htaccess or does it have to be done server wide only in httpd.conf?

Or if not, is there a way I can exclude a specific account from it?

View 1 Replies View Related

Mod_Evasive Enhancing Reporting

Apr 27, 2007

I got mod_evasive installed and its working fine. Its detecting the IPs, blocking the IPs and sending me the emails.

The emails I'm getting only have the sender name "Apache" and the content shows the IP address is blocking.

How can I enhance the email report to display the following:

1) get a proper Subject header in the email

2) change the From header to include the hostname - i.e.
apache@web.domain.tld

3) have the program do a reverse lookup on the ip, and include that in the body.

Do I need to include a script using the DOSSystemCommand to do this?

View 5 Replies View Related

Mod_Evasive - Testing Remotely

Apr 11, 2007

I have 2 questions here.

1. I have installed mod_evasive version 1.10.1 on a Cent OS 4.4 server.

I'm using the test.pl script that comes with mod_evasive to test the configuration and when running the script from the same server mod_Evasive is installed. The mod_evasive is able to detect the intrusion and block the IP of the server.

If I use the same test.pl script from an external server the requests come in and are viewable in the access log but mod_evasive doesnt block the IP of the external server. Probably is not blocing the ip of the external server because of latency.

Is there a way to modify the test.pl script to make it more agressive and get results when testing from an external server?

Here I'm pasting the code of the test.pl script:

Quote:

#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO:Socket;
use strict;

for(0..100) {
my($response);
my($SOCKET) = new IO:Socket::INET( Proto => "tcp",
PeerAddr=> "test.domain.tld:80");
if (! defined $SOCKET) { die $!; }
print $SOCKET "GET /?$_ HTTP/1.0

";
$response = <$SOCKET>;
print $response;
close($SOCKET);
}

2. Also, I have sendmail installed and on the mod_evasive config I have email address specified on DOSEmailNotify. When testing from the internal server with the test.pl script the server is able to block the ip, put in the hash table but it never sends an email to my email address.

View 0 Replies View Related

Mod_Evasive - Blocking IPs Manually

Oct 26, 2007

Is there a way to block ips with mod_evasive by adding the ips to the mod_evasive configuration file?

View 3 Replies View Related

Mod_evasive And Black List

Jul 9, 2007

Some times I read in logs
server mod_evasive[24203]: Blacklisting address 84.255.151.xxx: possible attack.

Where can I find this black list and all IP listed

View 2 Replies View Related

Errror When Restarting Httpd Mod_evasive

May 5, 2008

Installing mod_evasive after serveral attacks on our server.

but when restarting httpd I get this error,

httpd: Syntax error on line 36 of /usr/local/apache/conf/httpd.conf: API module structure 'evasive20_module' in file /usr/lib/httpd/modules/mod_evasive20.so is garbled - expected signature 41503232 but saw 41503230 - perhaps this is not an Apache module DSO, or was compiled for a different Apache version?


Running apache 2.2.8

View 1 Replies View Related

Installing Mod_evasive On Cpanel Server

Jun 23, 2008

I would like to install the Mod_evasive for Apache 2.0 on RHEL 4 Server(Cpanel Installed). I downloaded the Mod_evasive source and extracted and used the following command.

# cd mod_evasive
# /usr/sbin/apxs -cia mod_evasive20.c

I am getting folowing message.

-bash: /usr/sbin/apxs: No such file or directory

# whereis apxs
apxs:

View 2 Replies View Related

Mod_evasive Doesn't Protect From Apache DOS

Feb 6, 2008

We tried to use one software for offline browsing to download our site and test it if it will fail or not. We used 500 threads at once. Program was able to request 56 pages per second. Of course server (site) failed because there were no more available mysql connections. So site went down. Mod_evasive didn't block that.

Here is the config:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 80
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 30
DOSLogDir "/var/log/httpd"
</IfModule>

Here is the copy of text I found on one site about mod_evasive:

Mod_evasive does work relatively well for small to medium sized brute force or HTTP level DoS attacks. There is, however, an important limitation that mod_evasive has that you should be aware of. The mod_evasive module is not as good as it could be because it does not use shared memory in Apache to keep information about previous requests persistent. Instead, the information is kept with each child process or thread. Other Apache children that are then spawned know nothing about abuse against one of them. When a child serves the maximum number of requests and dies, the DoS information goes with it. So, what does this mean? This means that if an attacker sends their HTTP DoS requests and they do not use HTTP Keep-Alives, then Apache will spawn a new child process for every request and it will never trigger the mod_evasive thresholds. This is not good…

Is there any solution for such type of attack with Keep Alive disabled?

View 4 Replies View Related

Mod_evasive Bans Some Legit Apps

Dec 10, 2007

mod_evasive bans some of the legit users (galleries , typo3 etc.) with following settings:

<IfModule mod_dosevasive20.c>
DOSHashTableSize 3097
DOSPageCount 10
DOSSiteCount 150
DOSPageInterval 1
DOSSiteInterval 3
DOSBlockingPeriod 10
</IfModule>

Somebody have an idea for some less restrictive but still usefull rules?

View 10 Replies View Related

Mod_evasive Suggestion For High Traffic Server

Mar 12, 2008

The server gets around 25k unique visitors per day, but one website in particular allows hotlinking and uses a lot of bandwidth. Last time I checked...according to whm apache status page, I was getting 180 requests per second. Not sure what time it was though. So it might be higher at a different time of the day.

Recently got mod_evasive installed, but I didn't want it to block out legitimate users. Currently it's set to this...

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 10
DOSBlockingPeriod 600
</IfModule>

what a better configuration would be? When I run the log I already see it block out a bunch of IP's. I don't want to lose any visitors to this program, but I do get ddos a lot.

View 1 Replies View Related

How To Install Mod_security, Suhosin, Mod_Evasive On Server Plesk (apache2, Php5)

Jul 26, 2007

how to install mod_security, suhosin, Mod_Evasive on server plesk (apache2, php5)?
win I loacate apxs I have empty results

View 4 Replies View Related

Lighttpd Ssi

Mar 4, 2007

SSI isn't working with lighttpd. I have enabled the module and set the extension, but it still doesn't work.

View 1 Replies View Related

Vps Lighttpd Will Not Start

Jun 2, 2009

So basicly I got a vps and am using lxadmin *renamed* and with ssh and lxadmin the lighthttpd wont start and it is installed under the centos hostinabox distro.

View 3 Replies View Related

Apache And Lighttpd, Both Use Same Php.ini

Jun 3, 2009

my php.ini had some changes (/etc/php.ini). Today i have switch from apache to lighttpd, do i need to edit another php.ini file ? Apache and lighttpd use the same php.ini ( /etc/php.ini)?

View 5 Replies View Related

How I Can Use Mod-rewrite With Lighttpd

May 4, 2009

how I can use mod-rewrite with lighttpd.

Actually I am going to use phpprobid system and it has in built function for mod rewrite but I think it is for apache as if i turn it on I cant access pages

View 1 Replies View Related

Lighttpd Mod_rewrite

May 15, 2009

I am struggling to get this .htaccess file to work with lighttpd, i am not a coder so its very hard for me to fix it, hopefully if someone knows how can tell me how to write rewrite code that will get it working.
{quote}

1. Comment the 2 lines below if the server returns 500 errors!
Options -Indexes
Options +FollowSymLinks

#Uncomment following lines if you want to use image caching!
#<IfModule mod_expires.c>

1. ExpiresActive On
2. ExpiresDefault A1209600
3. ExpiresByType text/html A1
#</IfModule>

1. Uncomment following lines if Apache doesnt support MultiViews!
<IfModule mod_rewrite.c>
RewriteEngine On
1. Uncomment the 2 lines below if you are using www.domain.com # as the baseurl for the site and users access your site # via domain.com (THIS IS REQUIRED FOR JQUERY TO WORK)
#RewriteCond %{HTTP_HOST} ^domain.com [NC]
#RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* loader.php [L,QSA]
</IfModule>

1. Edit below lines and set to
2. ErrorDocument CODE /RELATIVE/error.php
3. If the script is installed in the default document
4. root then relative is null.
#ErrorDocument 401 /error.php
#ErrorDocument 403 /error.php
#ErrorDocument 404 /error.php {/quote}

looks like its calling the rule from loader.php file, now how can i convert this to lighttpd language,

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved