Hi,
I'm currently experimenting with the mod_evasive module for Apache, to protect the server against potential DoS attacks. Here's what I did so far.
# yum install mod_evasive
Don't touch mod_evasive's default configuration, just restart Apache.
# systemctl restart httpd
The package includes a test.pl script supposed to launch a testing DoS attack. Unfortunately this script doesn't seem to work as expected. Here's the only response I get:
# perl test.pl
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
...
According to the various online tutorials I found, this should look more like:
# perl test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
...
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
...
I tried this on two sandbox machines, one on my LAN, one on a public server, and both times I got the same result.
Any suggestions?
Niki
On 09/07/2017 at 13:17, Alexander Dalloz wrote:
What does apache log? I guess it logs more than just HTTP status 400.
Unfortunately the Apache logs don't tell much.
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?91 HTTP/1.0" 400 226 "-" "-"
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?92 HTTP/1.0" 400 226 "-" "-"
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?93 HTTP/1.0" 400 226 "-" "-"
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?94 HTTP/1.0" 400 226 "-" "-"
Niki
On 09/07/2017 at 13:17, Alexander Dalloz wrote:
What does apache log? I guess it logs more than just HTTP status 400.
I wonder if something is wrong with the test.pl script. Here's what I have:
#!/usr/bin/perl
# test.pl: small script to test mod_dosevasive's effectiveness
use IO::Socket;
use strict;

for(0..20) {
    my($response);
    my($SOCKET) = new IO::Socket::INET( Proto => "tcp",
                                        PeerAddr=> "127.0.0.1:80");
    if (! defined $SOCKET) { die $!; }
    print $SOCKET "GET /?$_ HTTP/1.0\n\n";
    $response = <$SOCKET>;
    print $response;
    close($SOCKET);
}
With this script (present in /usr/share/doc/mod_evasive-1.10.1/) I get an "HTTP/1.1 400 Bad Request" error back on a standard CentOS installation.
Hmmmm. I'm clueless.
Niki
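An added example, not part of the original thread: a small Python check that reads access log entries like the ones posted above and tells a run that was blocked (200s followed by 403s, the pattern the tutorials show) apart from one where every request was rejected with 400 and so never exercised mod_evasive. The function names and verdict labels are hypothetical, and the 10.0.0.7 entries are constructed for contrast.

```python
import re
from collections import defaultdict

# Constructed sample: the 192.168.2.5 lines mirror the entries posted in the
# thread; the 10.0.0.7 lines are invented to show the expected pattern.
SAMPLE_LOG = """\
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?91 HTTP/1.0" 400 226 "-" "-"
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?92 HTTP/1.0" 400 226 "-" "-"
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?93 HTTP/1.0" 400 226 "-" "-"
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?94 HTTP/1.0" 400 226 "-" "-"
10.0.0.7 - - [09/Jul/2017:13:05:00 +0200] "GET /?0 HTTP/1.0" 200 4897 "-" "-"
10.0.0.7 - - [09/Jul/2017:13:05:00 +0200] "GET /?1 HTTP/1.0" 200 4897 "-" "-"
10.0.0.7 - - [09/Jul/2017:13:05:00 +0200] "GET /?2 HTTP/1.0" 403 202 "-" "-"
10.0.0.7 - - [09/Jul/2017:13:05:00 +0200] "GET /?3 HTTP/1.0" 403 202 "-" "-"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) ')

def statuses_by_client(log_text):
    """Return {client_ip: [status, ...]} in log order, skipping unparsable lines."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            seen[m.group("ip")].append(int(m.group("status")))
    return dict(seen)

def classify_run(statuses):
    """Compare one client's status sequence with the 200-then-403 pattern."""
    if not statuses:
        return "no-requests"
    if all(s == 400 for s in statuses):
        # Every request was refused as malformed: nothing was rate-limited.
        return "rejected-as-bad-request"
    if 403 in statuses:
        first_403 = statuses.index(403)
        if first_403 > 0 and all(s == 200 for s in statuses[:first_403]):
            return "blocked-after-threshold"
        return "forbidden-without-baseline"
    if all(s == 200 for s in statuses):
        return "never-blocked"
    return "mixed"

def report(log_text):
    return {ip: classify_run(st) for ip, st in statuses_by_client(log_text).items()}

if __name__ == "__main__":
    for ip, verdict in report(SAMPLE_LOG).items():
        print(ip, verdict)
```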