https://kb.rvmgroup.it/index.php?action=history&feed=atom&title=Protezione_di_un_server_Apache_con_mod_evasiveProtezione di un server Apache con mod evasive - Revision history2026-05-06T17:26:34ZRevision history for this page on the wikiMediaWiki 1.44.2https://kb.rvmgroup.it/index.php?title=Protezione_di_un_server_Apache_con_mod_evasive&diff=9346&oldid=prevGabriele.vivinetto: Created page with "=Installazione= * mod_evasive permette di bloccare degli host che acceddono in maniera troppo agressiva rispondendo con un 403/forbidden * Installare il pacchetto: sudo apt..."2015-07-06T13:31:19Z<p>Created page with "=Installazione= * mod_evasive permette di bloccare degli host che acceddono in maniera troppo agressiva rispondendo con un 403/forbidden * Installare il pacchetto: sudo apt..."</p>
<p><b>New page</b></p><div>=Installazione=<br />
<br />
* mod_evasive permette di bloccare degli host che acceddono in maniera troppo agressiva rispondendo con un 403/forbidden<br />
<br />
* Installare il pacchetto:<br />
sudo apt-get install libapache2-mod-evasive<br />
<br />
* Se si intende notificare i blocchi via mail, occorre creare un symlink per mail (eventualmente installarlo):<br />
sudo ln -s /usr/bin/mail /bin/mail<br />
<br />
* Abilitare il modulo:<br />
sudo a2enmod mod-evasive<br />
<br />
=Configurazione=<br />
<br />
* Creare il file di configurazione globale per il web server<br />
sudoedit /etc/apache2/conf.d/mod-evasive<br />
<br />
<pre><br />
<IfModule mod_evasive20.c><br />
<br />
# Size of the hash table used to store the IPs.<br />
DOSHashTableSize 3097<br />
<br />
# Number of pages allowed per DOSPageInterval.<br />
DOSPageCount 5<br />
<br />
# Time in seconds used by DOSPageCount.<br />
DOSPageInterval 1<br />
<br />
# Number of objects allowed per DOSSiteInterval.<br />
DOSSiteCount 100<br />
<br />
# Time in seconds used by DOSSiteCount.<br />
DOSSiteInterval 1<br />
<br />
# Time in seconds that IPs will be banned. If an IP tries to access the <br />
# server within this period, the count will be restarted.<br />
DOSBlockingPeriod 10<br />
<br />
# Directory to store the logs. If not specified, /tmp will be used. Optional<br />
DOSLogDir "/var/lock/mod_evasive"<br />
<br />
# Mail where notifications will be sent. Uses /bin/mail. Optional<br />
DOSEmailNotify mailbox@example.com<br />
<br />
# List of IPs which won’t be blocked. Optional<br />
# DOSWhitelist<br />
<br />
# Command to execute if an IP is blocked. Optional For example:<br />
# DOSSystemCommand "/sbin/iptables -I INPUT -p tcp --dport 80 -s %s -j DROP"<br />
<br />
</IfModule><br />
<br />
</pre><br />
<br />
* Riavviare apache<br />
sudo /etc/init.d/apache2 restart<br />
<br />
=Test=<br />
* Esiste uno script apposito:<br />
perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl<br />
<br />
=Riferimenti=<br />
*[https://www.linode.com/docs/websites/apache-tips-and-tricks/modevasive-on-apache mod_evasive on Apache - Linode Guides & Tutorials]<br />
*[https://acidborg.wordpress.com/2009/06/25/installation-configuration-of-mod_evasive-in-ubuntu-server-9-04/ Installation & configuration of mod_evasive in Ubuntu Server 9.04 | Jaime Frutos Morales's blog]<br />
*[http://www.webhostingtalk.com/showthread.php?t=937724 mod_evasive neither does send mail nore write to log file | Web Hosting Talk]<br />
*[http://serverfault.com/questions/620734/modevasive-not-sending-email-alerts linux - ModEvasive Not Sending Email Alerts - Server Fault]<br />
*[http://www.debian-tutorials.com/apache2-prevent-ddos-attack-with-mod_evasive-in-debian-squeeze Debian copy/paste Tutorials - Linux Tutorials - Apache2 Prevent DDoS Attack With mod_evasive in Debian Squeeze]</div>Gabriele.vivinetto