File mod_evasive.conf of Package apache2-mod_evasive

<IfModule mod_evasive24.c>
	#
	# Settings for mod_evasive, which blocks client IP addresses that
	# exceed the request thresholds below. Everything in this container is
	# skipped, without an error, when the module is not loaded, so check
	# that the module is really active (for example via the loaded-module
	# list) rather than relying on the presence of this file.
	#

	#
	# The hash table size defines the number of top-level nodes for each
	# child's hash table. Increasing this number will provide faster
	# performance by decreasing the number of iterations required to get to
	# the record, but consume more memory for table space. You should
	# increase this if you have a busy web server. The value you specify
	# will automatically be tiered up to the next prime number in the
	# primes list (see mod_evasive.c for a list of primes used).
	#
	DOSHashTableSize    3097

	#
	# This is the threshold for the number of requests for the same page
	# (or URI) per page interval. Once the threshold for that interval has
	# been exceeded, the IP address of the client will be added to the
	# blocking list.
	#
	# NOTE(review): 2 requests per 1-second interval (see DOSPageInterval)
	# is a low threshold. Counting is per client IP address, so users who
	# share an address (NAT, forward proxy) share one counter. Check the
	# value against real traffic before deploying.
	#
	DOSPageCount        2

	#
	# This is the threshold for the total number of requests for any
	# object by the same client on the same listener per site interval.
	# Once the threshold for that interval has been exceeded, the IP
	# address of the client will be added to the blocking list.
	#
	# NOTE(review): if this server sits behind a reverse proxy or load
	# balancer, confirm which address the module sees as "the client". If
	# it is the proxy's address, one block affects every user behind it.
	#
	DOSSiteCount        50

	#
	# The interval for the page count threshold, in seconds; defaults to
	# 1 second intervals.
	#
	DOSPageInterval     1

	#
	# The interval for the site count threshold, in seconds; defaults to
	# 1 second intervals.
	#
	DOSSiteInterval     1

	#
	# The blocking period is the amount of time (in seconds) that a client
	# will be blocked for if they are added to the blocking list. During
	# this time, all subsequent requests from the client will result in a
	# 403 (Forbidden) and the timer being reset (e.g. another 10 seconds).
	# Since the timer is reset for every subsequent request, it is not
	# necessary to have a long blocking period; in the event of a DoS
	# attack, this timer will keep getting reset.
	#
	DOSBlockingPeriod   10

	#
	# If this value is set, an email will be sent to the address specified
	# whenever an IP address becomes blacklisted. A locking mechanism using
	# /tmp prevents continuous emails from being sent.
	#
	# NOTE: Requires /bin/mail (provided by mailx)
	#
	# The lock files live in /tmp unless DOSLogDir (below) is set. Set
	# DOSLogDir before enabling notifications on a host with local users.
	#
	#DOSEmailNotify      you@yourdomain.com

	#
	# If this value is set, the system command specified will be executed
	# whenever an IP address becomes blacklisted. This is designed to
	# enable system calls to ip filter or other tools. A locking mechanism
	# using /tmp prevents continuous system calls. Use %s to denote the IP
	# address of the blacklisted IP.
	#
	# NOTE(review): the command runs with the privileges of the Apache
	# process that detects the block, presumably the unprivileged worker
	# user; confirm on your system. If the action needs more privilege
	# (e.g. changing packet-filter rules), delegate exactly one fixed
	# helper command rather than a general shell, and pass %s to it as a
	# single argument.
	#
	# An automatic block driven by low thresholds can lock out legitimate
	# users. Whitelist monitoring and internal hosts before enabling this.
	#
	#DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"

	#
	# Choose an alternative temp directory. By default "/tmp" will be used
	# for the locking mechanism, which opens some security issues if your
	# system is open to shell users: /tmp is world-writable, so a local
	# user may be able to interfere with the lock files (see the advisory
	# below).
	#
	#   http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
	#
	# In the event you have nonprivileged shell users, you'll want to
	# create a directory writable only to the user Apache is running as
	# (usually root), then set this in your httpd.conf.
	#
	# NOTE(review): request-handling children normally run as the
	# unprivileged User/Group from the Apache configuration, not as root.
	# The directory has to be writable by whichever account actually
	# creates the lock files, and by no one else; confirm on your system.
	# Where /var/lock is a tmpfs, the directory must be recreated at boot.
	#
	#DOSLogDir           "/var/lock/mod_evasive"

	#
	# You can use whitelists to disable the module for certain ranges of
	# IPs. Wildcards can be used on up to the last 3 octets if necessary.
	# Multiple DOSWhitelist commands may be used in the configuration.
	#
	# Whitelisted addresses are exempt from all detection, so keep the
	# ranges as narrow as possible. Whitelisting the address of a proxy
	# that fronts this server would exempt all traffic arriving through it.
	#
	#DOSWhitelist   127.0.0.1
	#DOSWhitelist   192.168.0.*

	#
	# Specific URIs can be whitelisted to ensure they are never denied.
	# Some clients may repeatedly request the same URI (due to bugs, or
	# for other reasons), and subsequently be blocked from making other
	# (valid) requests. If you want, you may whitelist these URIs so
	# these clients won't be blocked. Use with caution.
	#
	# DOSWhitelistUri supports perl-style regex and matches the whole request
	# URI (everything between the domain name and the ?) against this regex.
	#
	# Whitelisted URIs get no DoS protection at all. Prefer specific paths
	# over loose patterns such as the ".*whitelisted.*" example, which
	# exempts every URI containing that text, and avoid whitelisting
	# expensive endpoints.
	# NOTE(review): whether the match is implicitly anchored is not stated
	# here; test a pattern before relying on it.
	#
	#DOSWhitelistUri  /path/to/whitelisted/resource
	#DOSWhitelistUri  .*whitelisted.*

	#
	# It may be desirable to apply DoS detection only to specific paths, such
	# as '/login'. If a target list of URIs is defined, then URIs that do
	# not match one of the targets are excluded from DoS detection. For example,
	# if only '/login' is targeted, then excessive requests to '/home'
	# will not trigger evasive responses.
	#
	# Like DOSWhitelistUri, DOSTargetlistUri supports perl-style regex and
	# matches the whole request URI (everything between the domain name and
	# the ?) against this regex.
	#
	# Defining even one target switches detection off for every URI that
	# does not match, so check that the list covers every path that needs
	# protection.
	#
	#DOSTargetlistUri  /path/to/targeted/resource
	#DOSTargetlistUri  .*targeted.*

	#
	# Choose an alternative HTTP status code for the reply to blocked clients.
	# By default mod_evasive returns 403 Forbidden to blocked clients. This
	# directive allows any other HTTP code known to Apache to be used instead.
	# 429 is "Too Many Requests". If you change the code, update any log
	# monitoring or alerting that keys on 403 responses.
	#
	#DOSHTTPStatus  429

</IfModule>