Jan Engelhardt
152c74e594
OBS-URL: https://build.opensuse.org/package/show/Apache:Modules/apache2-mod_evasive?expand=0&rev=27
91 lines
3.2 KiB
Plaintext
91 lines
3.2 KiB
Plaintext
<IfModule mod_evasive20.c>
|
|
#
|
|
# The hash table size defines the number of top-level nodes for each
|
|
# child's hash table. Increasing this number will provide faster
|
|
# performance by decreasing the number of iterations required to get to
|
|
# the record, but consume more memory for table space. You should
|
|
# increase this if you have a busy web server. The value you specify
|
|
# will automatically be tiered up to the next prime number in the
|
|
# primes list (see mod_evasive.c for a list of primes used).
|
|
#
|
|
DOSHashTableSize 3097
|
|
|
|
#
|
|
# This is the threshhold for the number of requests for the same page
|
|
# (or URI) per page interval. Once the threshhold for that interval has
|
|
# been exceeded, the IP address of the client will be added to the
|
|
# blocking list.
|
|
#
|
|
DOSPageCount 2
|
|
|
|
#
|
|
# This is the threshhold for the total number of requests for any
|
|
# object by the same client on the same listener per site interval.
|
|
# Once the threshhold for that interval has been exceeded, the IP
|
|
# address of the client will be added to the blocking list.
|
|
#
|
|
DOSSiteCount 50
|
|
|
|
#
|
|
# The interval for the page count threshhold; defaults to 1 second
|
|
# intervals.
|
|
#
|
|
DOSPageInterval 1
|
|
|
|
#
|
|
# The interval for the site count threshhold; defaults to 1 second
|
|
# intervals.
|
|
#
|
|
DOSSiteInterval 1
|
|
|
|
#
|
|
# The blocking period is the amount of time (in seconds) that a client
|
|
# will be blocked for if they are added to the blocking list. During
|
|
# this time, all subsequent requests from the client will result in a
|
|
# 403 (Forbidden) and the timer being reset (e.g. another 10 seconds).
|
|
# Since the timer is reset for every subsequent request, it is not
|
|
# necessary to have a long blocking period; in the event of a DoS
|
|
# attack, this timer will keep getting reset.
|
|
#
|
|
DOSBlockingPeriod 10
|
|
|
|
#
|
|
# If this value is set, an email will be sent to the address specified
|
|
# whenever an IP address becomes blacklisted. A locking mechanism using
|
|
# /tmp prevents continuous emails from being sent.
|
|
#
|
|
# NOTE: Requires /bin/mail (provided by mailx)
|
|
#
|
|
#DOSEmailNotify you@yourdomain.com
|
|
|
|
#
|
|
# If this value is set, the system command specified will be executed
|
|
# whenever an IP address becomes blacklisted. This is designed to
|
|
# enable system calls to ip filter or other tools. A locking mechanism
|
|
# using /tmp prevents continuous system calls. Use %s to denote the IP
|
|
# address of the blacklisted IP.
|
|
#
|
|
#DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
|
|
|
|
#
|
|
# Choose an alternative temp directory By default "/tmp" will be used
|
|
# for locking mechanism, which opens some security issues if your
|
|
# system is open to shell users.
|
|
#
|
|
# http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
|
|
#
|
|
# In the event you have nonprivileged shell users, you'll want to
|
|
# create a directory writable only to the user Apache is running as
|
|
# (usually root), then set this in your httpd.conf.
|
|
#
|
|
#DOSLogDir "/var/lock/mod_evasive"
|
|
|
|
#
|
|
# You can use whitelists to disable the module for certain ranges of
|
|
# IPs. Wildcards can be used on up to the last 3 octets if necessary.
|
|
# Multiple DOSWhitelist commands may be used in the configuration.
|
|
#
|
|
#DOSWhitelist 127.0.0.1
|
|
#DOSWhitelist 192.168.0.*
|
|
</IfModule>
|