File mod_evasive.conf of Package apache2-mod_evasive

LoadModule evasive20_module /usr/lib/apache2/mod_evasive20.so

<IfModule mod_evasive20.c>
	#
	# The hash table size defines the number of top-level nodes for each
	# child's hash table. Increasing this number will provide faster
	# performance by decreasing the number of iterations required to get to
	# the record, but consume more memory for table space. You should
	# increase this if you have a busy web server. The value you specify
	# will automatically be tiered up to the next prime number in the
	# primes list (see mod_evasive.c for a list of primes used).
	#
	DOSHashTableSize    3097

	#
	# This is the threshhold for the number of requests for the same page
	# (or URI) per page interval. Once the threshhold for that interval has
	# been exceeded, the IP address of the client will be added to the
	# blocking list.
	#
	DOSPageCount        2

	#
	# This is the threshhold for the total number of requests for any
	# object by the same client on the same listener per site interval.
	# Once the threshhold for that interval has been exceeded, the IP
	# address of the client will be added to the blocking list.
	#
	DOSSiteCount        50

	#
	# The interval for the page count threshhold; defaults to 1 second
	# intervals.
	#
	DOSPageInterval     1

	#
	# The interval for the site count threshhold; defaults to 1 second
	# intervals.
	#
	DOSSiteInterval     1

	#
	# The blocking period is the amount of time (in seconds) that a client
	# will be blocked for if they are added to the blocking list. During
	# this time, all subsequent requests from the client will result in a
	# 403 (Forbidden) and the timer being reset (e.g. another 10 seconds).
	# Since the timer is reset for every subsequent request, it is not
	# necessary to have a long blocking period; in the event of a DoS
	# attack, this timer will keep getting reset.
	#
	DOSBlockingPeriod   10

	#
	# If this value is set, an email will be sent to the address specified
	# whenever an IP address becomes blacklisted. A locking mechanism using
	# /tmp prevents continuous emails from being sent.
	#
	# NOTE: Requires /bin/mail (provided by mailx)
	#
	#DOSEmailNotify      you@yourdomain.com

	#
	# If this value is set, the system command specified will be executed
	# whenever an IP address becomes blacklisted. This is designed to
	# enable system calls to ip filter or other tools. A locking mechanism
	# using /tmp prevents continuous system calls. Use %s to denote the IP
	# address of the blacklisted IP.
	#
	#DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"

	#
	# Choose an alternative temp directory By default "/tmp" will be used
	# for locking mechanism, which opens some security issues if your
	# system is open to shell users.
	#
	#   http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
	#
	# In the event you have nonprivileged shell users, you'll want to
	# create a directory writable only to the user Apache is running as
	# (usually root), then set this in your httpd.conf.
	#
	#DOSLogDir           "/var/lock/mod_evasive"

	#
	# You can use whitelists to disable the module for certain ranges of
	# IPs. Wildcards can be used on up to the last 3 octets if necessary.
	# Multiple DOSWhitelist commands may be used in the configuration.
	#
	#DOSWhitelist   127.0.0.1
	#DOSWhitelist   192.168.0.*
</IfModule>