diff options
Diffstat (limited to 'www/mod_evasive')
-rw-r--r-- | www/mod_evasive/Makefile | 38 | ||||
-rw-r--r-- | www/mod_evasive/distinfo | 2 | ||||
-rw-r--r-- | www/mod_evasive/pkg-descr | 30 |
3 files changed, 70 insertions, 0 deletions
diff --git a/www/mod_evasive/Makefile b/www/mod_evasive/Makefile new file mode 100644 index 000000000000..44040747a80a --- /dev/null +++ b/www/mod_evasive/Makefile @@ -0,0 +1,38 @@ +# New ports collection makefile for: mod_dosevasive20 +# Date created: 26 Jul 2004 +# Whom: Xavier Beaudouin <kiwi@oav.net> +# +# $FreeBSD$ +# + +PORTNAME= mod_dosevasive20 +PORTVERSION= 1.9 +CATEGORIES= www security +MASTER_SITES= http://www.nuclearelephant.com/projects/dosevasive/ +DISTNAME= mod_dosevasive.${PORTVERSION} +DIST_SUBDIR= apache2 + +MAINTAINER= kiwi@oav.net +COMMENT= An Apache 2 module to try to protect HTTP DoS or DDoS attacks + +WRKSRC= ${WRKDIR}/${PORTNAME} + +WANT_APACHE= 2 +AP_FAST_BUILD= YES +AP_GENPLIST= YES +WRKSRC= ${WRKDIR}/mod_dosevasive + +PORTDOCS= LICENSE README test.pl + +.include <bsd.port.pre.mk> +.include "${PORTSDIR}/www/apache2/Makefile.modules.3rd" + +post-install: +.if !defined (NOPORTDOCS) + @${MKDIR} ${DOCSDIR} +. for f in ${PORTDOCS} + @${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR} +. endfor +.endif + +.include <bsd.port.post.mk> diff --git a/www/mod_evasive/distinfo b/www/mod_evasive/distinfo new file mode 100644 index 000000000000..3febfce13300 --- /dev/null +++ b/www/mod_evasive/distinfo @@ -0,0 +1,2 @@ +MD5 (apache2/mod_dosevasive.1.9.tar.gz) = 994333fa0ea901ae035919ce869332b0 +SIZE (apache2/mod_dosevasive.1.9.tar.gz) = 23850 diff --git a/www/mod_evasive/pkg-descr b/www/mod_evasive/pkg-descr new file mode 100644 index 000000000000..338260dae53f --- /dev/null +++ b/www/mod_evasive/pkg-descr @@ -0,0 +1,30 @@ +mod_dosevasive is an evasive maneuvers module for Apache to provide evasive +action in the event of an HTTP DoS or DDoS attack or brute force attack. +It is also designed to be a detection and network management tool, and can be +easily configured to talk to ipchains, firewalls, routers, and etcetera. +mod_dosevasive presently reports abuses via email and syslog facilities. + +Detection is performed by creating an internal dynamic hash table of IP +Addresses and URIs, and denying any single IP address from any of the +following: + + * Requesting the same page more than a few times per second + * Making more than 50 concurrent requests on the same child per second + * Making any requests while temporarily blacklisted (on a blocking list) + +This method has worked well in both single-server script attacks as well as +distributed attacks, but just like other evasive tools, is only as useful to +the point of bandwidth and processor consumption (e.g. the amount of bandwidth +and processor required to receive/process/respond to invalid requests), which +is why it's a good idea to integrate this with your firewalls and routers for +maximum protection. + +This module instantiates for each listener individually, and therefore has a +built-in cleanup mechanism and scaling capabilities. Because of this per-child +design, legitimate requests are never compromised (even from proxies and NAT +addresses) but only scripted attacks. Even a user repeatedly clicking on +'reload' should not be affected unless they do it maliciously. mod_dosevasive +is fully tweakable through the Apache configuration file, easy to incorporate +into your web server, and easy to use. + +WWW: http://www.nuclearelephant.com/projects/dosevasive/ |