rpms/mod_evasive/devel mod_evasive.conf, NONE, 1.1 mod_evasive.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2

Konstantin Ryabitsev (icon) fedora-extras-commits at redhat.com
Thu Jul 12 15:57:37 UTC 2007 

Author: icon

Update of /cvs/extras/rpms/mod_evasive/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4832/devel

Modified Files:
	.cvsignore sources 
Added Files:
	mod_evasive.conf mod_evasive.spec 
Log Message:
Verified working on Apache-2.2, whee!



--- NEW FILE mod_evasive.conf ---
# mod_evasive configuration
LoadModule evasive20_module modules/mod_evasive20.so

<IfModule mod_evasive20.c>
    # The hash table size defines the number of top-level nodes for each
    # child's hash table.  Increasing this number will provide faster
    # performance by decreasing the number of iterations required to get to the
    # record, but consume more memory for table space.  You should increase
    # this if you have a busy web server.  The value you specify will
    # automatically be tiered up to the next prime number in the primes list
    # (see mod_evasive.c for a list of primes used).
    DOSHashTableSize    3097

    # This is the threshhold for the number of requests for the same page (or
    # URI) per page interval.  Once the threshhold for that interval has been
    # exceeded, the IP address of the client will be added to the blocking
    # list.
    DOSPageCount        2

    # This is the threshhold for the total number of requests for any object by
    # the same client on the same listener per site interval.  Once the
    # threshhold for that interval has been exceeded, the IP address of the
    # client will be added to the blocking list.
    DOSSiteCount        50

    # The interval for the page count threshhold; defaults to 1 second
    # intervals.
    DOSPageInterval     1

    # The interval for the site count threshhold; defaults to 1 second
    # intervals.
    DOSSiteInterval     1

    # The blocking period is the amount of time (in seconds) that a client will
    # be blocked for if they are added to the blocking list.  During this time,
    # all subsequent requests from the client will result in a 403 (Forbidden)
    # and the timer being reset (e.g. another 10 seconds).  Since the timer is
    # reset for every subsequent request, it is not necessary to have a long
    # blocking period; in the event of a DoS attack, this timer will keep
    # getting reset.
    DOSBlockingPeriod   10

    # If this value is set, an email will be sent to the address specified
    # whenever an IP address becomes blacklisted.  A locking mechanism using
    # /tmp prevents continuous emails from being sent.
    #
    # NOTE: Requires /bin/mail (provided by mailx)
    #DOSEmailNotify      you at yourdomain.com

    # If this value is set, the system command specified will be executed
    # whenever an IP address becomes blacklisted.  This is designed to enable
    # system calls to ip filter or other tools.  A locking mechanism using /tmp
    # prevents continuous system calls.  Use %s to denote the IP address of the
    # blacklisted IP.
    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"

    # Choose an alternative temp directory By default "/tmp" will be used for
    # locking mechanism, which opens some security issues if your system is
    # open to shell users.
    #
    #   http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
    #
    # In the event you have nonprivileged shell users, you'll want to create a
    # directory writable only to the user Apache is running as (usually root),
    # then set this in your httpd.conf.
    #DOSLogDir           "/var/lock/mod_evasive"

    # You can use whitelists to disable the module for certain ranges of
    # IPs. Wildcards can be used on up to the last 3 octets if necessary.  
    # Multiple DOSWhitelist commands may be used in the configuration.
    #DOSWhitelist   127.0.0.1
    #DOSWhitelist   192.168.0.*
</IfModule>


--- NEW FILE mod_evasive.spec ---
Name:           mod_evasive
Version:        1.10.1
Release:        3%{?dist}
Summary:        Denial of Service evasion module for Apache

Group:          System Environment/Daemons
License:        GPL
URL:            http://www.zdziarski.com/projects/mod_evasive/
Source0:        http://www.zdziarski.com/projects/mod_evasive/mod_evasive_%{version}.tar.gz
Source1:        mod_evasive.conf
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires:  httpd-devel
Requires:       httpd
Requires:       httpd-mmn = %([ -a %{_includedir}/httpd/.mmn ] && cat %{_includedir}/httpd/.mmn || echo missing)

%description
mod_evasive is an evasive maneuvers module for Apache to provide evasive 
action in the event of an HTTP DoS or DDoS attack or brute force attack. It 
is also designed to be a detection and network management tool, and can be 
easily configured to talk to firewalls, routers, etc. mod_evasive presently 
reports abuses via email and syslog facilities. 


%prep
%setup -q -n %{name}


%build
%{_sbindir}/apxs -Wc,"%{optflags}" -c mod_evasive20.c


%install
rm -rf $RPM_BUILD_ROOT
mkdir -pm 755 \
    $RPM_BUILD_ROOT%{_libdir}/httpd/modules \
    $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
install -pm 755 .libs/mod_evasive20.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules/
install -pm 644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/


%clean
rm -rf $RPM_BUILD_ROOT


%files
%defattr(-,root,root,-)
%doc README LICENSE CHANGELOG test.pl
%config(noreplace) %{_sysconfdir}/httpd/conf.d/*
%{_libdir}/httpd/modules/*


%changelog
* Tue Apr 10 2007 Konstantin Ryabitsev <icon at fedoraproject.org> - 1.10.1-3
- Modify the URL and finally import into extras.

* Mon Jan 29 2007 Konstantin Ryabitsev <icon at fedoraproject.org> - 1.10.1-2
- The source moved to another domain since last year.
- use _sbindir macro for apxs.

* Tue Dec 06 2005 Konstantin Ryabitsev <icon at fedoraproject.org> - 1.10.1-1
- Cleaning up description
- Cleaning up install
- Slight modification to default config (add DOSWhitelist entries)
- Disttagging
- Adding test.pl to docs

* Wed Nov 16 2005 Kosntantin Ryabitsev <icon at fedoraproject.org> - 1.10.1-0.1
- Initial packaging.


Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/mod_evasive/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore	6 Apr 2007 06:23:28 -0000	1.1
+++ .cvsignore	12 Jul 2007 15:57:04 -0000	1.2
@@ -0,0 +1 @@
+mod_evasive_1.10.1.tar.gz


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/mod_evasive/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources	6 Apr 2007 06:23:28 -0000	1.1
+++ sources	12 Jul 2007 15:57:04 -0000	1.2
@@ -0,0 +1 @@
+784fca4a124f25ccff5b48c7a69a65e5  mod_evasive_1.10.1.tar.gz

More information about the fedora-extras-commits mailing list