3 files changed, 70 insertions, 0 deletions

diff --git a/www/mod_evasive/Makefile b/www/mod_evasive/Makefile
new file mode 100644
index 000000000000..44040747a80a
--- /dev/null
+++ b/www/mod_evasive/Makefile
@@ -0,0 +1,38 @@
+# New ports collection makefile for:	mod_dosevasive20
+# Date created:				26 Jul 2004
+# Whom:					Xavier Beaudouin <kiwi@oav.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	mod_dosevasive20
+PORTVERSION=	1.9
+CATEGORIES=	www security
+MASTER_SITES=	http://www.nuclearelephant.com/projects/dosevasive/
+DISTNAME=	mod_dosevasive.${PORTVERSION}
+DIST_SUBDIR=	apache2
+
+MAINTAINER=	kiwi@oav.net
+COMMENT=	An Apache 2 module to try to protect HTTP DoS or DDoS attacks
+
+WRKSRC=		${WRKDIR}/${PORTNAME}
+
+WANT_APACHE=	2
+AP_FAST_BUILD=	YES
+AP_GENPLIST=	YES
+WRKSRC=		${WRKDIR}/mod_dosevasive
+
+PORTDOCS=	LICENSE README test.pl
+
+.include <bsd.port.pre.mk>
+.include "${PORTSDIR}/www/apache2/Makefile.modules.3rd"
+
+post-install:
+.if !defined (NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+.   for f in ${PORTDOCS}
+	@${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
+.   endfor
+.endif
+
+.include <bsd.port.post.mk>
diff --git a/www/mod_evasive/distinfo b/www/mod_evasive/distinfo
new file mode 100644
index 000000000000..3febfce13300
--- /dev/null
+++ b/www/mod_evasive/distinfo
@@ -0,0 +1,2 @@
+MD5 (apache2/mod_dosevasive.1.9.tar.gz) = 994333fa0ea901ae035919ce869332b0
+SIZE (apache2/mod_dosevasive.1.9.tar.gz) = 23850
diff --git a/www/mod_evasive/pkg-descr b/www/mod_evasive/pkg-descr
new file mode 100644
index 000000000000..338260dae53f
--- /dev/null
+++ b/www/mod_evasive/pkg-descr
@@ -0,0 +1,30 @@
+mod_dosevasive is an evasive maneuvers module for Apache to provide evasive 
+action in the event of an HTTP DoS or DDoS attack or brute force attack.
+It is also designed to be a detection and network management tool, and can be
+easily configured to talk to ipchains, firewalls, routers, and etcetera.
+mod_dosevasive presently reports abuses via email and syslog facilities.
+
+Detection is performed by creating an internal dynamic hash table of IP
+Addresses and URIs, and denying any single IP address from any of the
+following:
+
+    * Requesting the same page more than a few times per second
+    * Making more than 50 concurrent requests on the same child per second
+    * Making any requests while temporarily blacklisted (on a blocking list) 
+
+This method has worked well in both single-server script attacks as well as
+distributed attacks, but just like other evasive tools, is only as useful to
+the point of bandwidth and processor consumption (e.g. the amount of bandwidth
+and processor required to receive/process/respond to invalid requests), which
+is why it's a good idea to integrate this with your firewalls and routers for
+maximum protection.
+
+This module instantiates for each listener individually, and therefore has a
+built-in cleanup mechanism and scaling capabilities. Because of this per-child
+design, legitimate requests are never compromised (even from proxies and NAT
+addresses) but only scripted attacks. Even a user repeatedly clicking on
+'reload' should not be affected unless they do it maliciously. mod_dosevasive
+is fully tweakable through the Apache configuration file, easy to incorporate
+into your web server, and easy to use. 
+
+WWW: http://www.nuclearelephant.com/projects/dosevasive/