Server Fault Asked by franks on November 27, 2021
I’m experiencing an anomaly on my Ubuntu 16.04 machine. I installed LAMP, ufw, fail2ban and now, as DoS protection, I installed mod_evasive.
Mod_evasive doesn’t seem to block anything, doesn’t log anything and the only log I see in var/log/apache2/error.logs when I reload a page fast enough to trigger it is:
[evasive20:error] [pid 17849] [client *..***.179:9189] client denied by server configuration:..
Beside that NOTHING.
I went through all the steps, created a log directory, gave permissions, reinstalled, tried all sorts of things but the problem doesn’t seem to be fixed AT ALL!
This is my current configuration:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 1
DOSSiteCount 5
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 15
#DOSEmailNotify [email protected]
#DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
DOSLogDir "/var/log/apache2/evasive.log"
</IfModule>
Any idea?
EDIT:
I’m now able to see the logs: it basically logs files named DOS-203.33.**.* for each presumed attack.
But still it doesn’t block anything! From my understanding it has to block the IP address at the Apache level but it doesn’t.
I believe you are missing the firewall part. If you are using iptables, you should set the following DOSSystemCommand:
"sudo /root/scripts/ban_ip.sh %s":
Be sure to add your Apache user to sudoers and allow access to the script and the 'iptables' and 'at' commands.
Script content:
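#!/bin/sh
# Ban the address passed by mod_evasive (%s) on port 80 for two hours.
IP=$1
IPTABLES=/sbin/iptables
# Assumes a chain named "banned" already exists.
"$IPTABLES" -A banned -s "$IP" -p TCP --dport 80 -j DROP
# Schedule removal of the same rule.
echo "$IPTABLES -D banned -s $IP -p TCP --dport 80 -j DROP" | at now + 2 hours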
sudoers:
www-data ALL=(ALL) NOPASSWD: /sbin/iptables *, /usr/bin/at *, /root/scripts/ban_ip.sh
cheers!
Answered by Manticore on November 27, 2021
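The script in the answer above runs as root with an argument supplied by the web server, so the argument should be checked before it reaches iptables or the at job. The following is an added example, not the answerer's script; it assumes the same "banned" chain and handles IPv4 only, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: a stricter ban_ip.sh. Not the answerer's script.
# Assumes the "banned" chain from the answer exists and is jumped to from INPUT.
IPTABLES=/sbin/iptables

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_valid_ipv4() {
    # Digits and dots only: no option (-j ...) or shell metacharacter
    # can reach iptables or the text piped to at(1).
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    rest="$1."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case "$octet" in
            ''|????*) return 1 ;;   # empty or longer than three digits
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

ban_ip() {
    ip=$1
    if ! is_valid_ipv4 "$ip"; then
        echo "ban_ip: refusing invalid address" >&2
        return 2
    fi
    # -C tests for an existing rule so repeat triggers add no duplicates.
    if "$IPTABLES" -C banned -s "$ip" -p tcp --dport 80 -j DROP 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -A banned -s "$ip" -p tcp --dport 80 -j DROP || return 1
    # The address is validated, so interpolating it into the at job is safe.
    echo "$IPTABLES -D banned -s $ip -p tcp --dport 80 -j DROP" | at now + 2 hours
}

# Run only when called with an address, as mod_evasive does via %s.
if [ "$#" -eq 1 ]; then
    ban_ip "$1"
fi
```

Because the whole script runs as root under sudo, the iptables and at calls inside it need no sudoers entries of their own; granting www-data only the script path keeps the web server user from running arbitrary at jobs as root.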