debian/0000755000000000000000000000000012167255301007170 5ustar debian/source/0000755000000000000000000000000012167237171010475 5ustar debian/source/format0000644000000000000000000000001412167237171011703 0ustar 3.0 (quilt) debian/libapache2-mod-evasive.postrm0000644000000000000000000000036212167252532014651 0ustar #!/bin/sh set -e if dpkg-maintscript-helper supports mv_conffile 2>/dev/null; then dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-evasive.load /etc/apache2/mods-available/evasive.load 1.10.1-1 -- "$@" fi #DEBHELPER# debian/rules0000755000000000000000000000232012167254070010247 0ustar #!/usr/bin/make -f # Sample debian/rules that uses debhelper. # GNU copyright 1997 to 1999 by Joey Hess. # This is the debhelper compatability version to use. #export DH_COMPAT=3 build: build-stamp build-stamp: dh_testdir apxs2 -c mod_evasive20.c touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp rm -f mod_evasive20.lo mod_evasive20.slo mod_evasive20.la rm -rf .libs/ dh_clean install: build dh_testdir dh_testroot dh_prep dh_installdirs dh_install dh_apache2 # Build architecture-independent files here. binary-indep: build install # We have nothing to do by default. # Build architecture-dependent files here. binary-arch: build install dh_testdir dh_testroot # dh_installdebconf dh_installdocs dh_installexamples # dh_installmenu # dh_installlogrotate # dh_installemacsen # dh_installpam # dh_installmime # dh_installinit # dh_installcron # dh_installman # dh_installinfo # dh_undocumented dh_installchangelogs CHANGELOG dh_link dh_strip dh_compress dh_fixperms # dh_makeshlibs dh_installdeb # dh_perl dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb binary: binary-indep binary-arch .PHONY: build clean binary-indep binary-arch binary install debian/changelog0000644000000000000000000000177412167253755011066 0ustar libapache-mod-evasive (1.10.1-2) unstable; urgency=low * [Colin Watson] - Port to Apache 2.4 (closes: #666846). 
* Renamed remove mod_ from .load filename. (Closes: #437807) * Install sample config file. (Closes: #437806) * Clean-up/update control, copyright files -- Alberto Gonzalez Iniesta Wed, 10 Jul 2013 13:00:03 +0200 libapache-mod-evasive (1.10.1-1) unstable; urgency=low * New upstream version. Changed package name. s/dos// * Lenny: Built module for Apache 2.x only. * Removed mod_evasiveNSAPI.c, since it's still non-free. -- Alberto Gonzalez Iniesta Wed, 27 Jun 2007 15:47:47 +0200 libapache-mod-dosevasive (1.10-1) unstable; urgency=low * Initial release (Closes: #302002) * Removed non-free mod_dosevasiveNSAPI.c from upstream source. Thanks Joerg Jaspert for noticing this. Upstream contacted, and file will be re-licensed under GPL next time. -- Alberto Gonzalez Iniesta Thu, 13 Oct 2005 17:35:15 +0200 debian/libapache2-mod-evasive.apache20000644000000000000000000000011312167252106014617 0ustar mod .libs/mod_evasive20.so mod debian/evasive.load mod debian/evasive.conf debian/control0000644000000000000000000000136412167254032010577 0ustar Source: libapache-mod-evasive Section: web Priority: optional Maintainer: Alberto Gonzalez Iniesta Build-Depends: debhelper (>> 9.0.0), dh-apache2, apache2-dev Standards-Version: 3.9.4 Homepage: http://www.zdziarski.com/blog/?page_id=442 Package: libapache2-mod-evasive Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: evasive module to minimize HTTP DoS or brute force attacks mod_evasive is an evasive maneuvers module for Apache to provide some protection in the event of an HTTP DoS or DDoS attack or brute force attack. . It is also designed to be a detection tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. . 
This module only works on Apache 2.x servers debian/patches/0000755000000000000000000000000012167237171010624 5ustar debian/patches/series0000644000000000000000000000006012167237171012035 0ustar aplog-use-module.patch conn-rec-remote-ip.patch debian/patches/aplog-use-module.patch0000644000000000000000000000101312167237171015017 0ustar Description: Add APLOG_USE_MODULE for Apache 2.4 per-module loglevels Author: Colin Watson Forwarded: no Last-Update: 2013-07-08 Index: b/mod_evasive20.c =================================================================== --- a/mod_evasive20.c +++ b/mod_evasive20.c @@ -38,6 +38,10 @@ #include "http_log.h" #include "http_request.h" +#ifdef APLOG_USE_MODULE +APLOG_USE_MODULE(evasive20); +#endif + module AP_MODULE_DECLARE_DATA evasive20_module; /* BEGIN DoS Evasive Maneuvers Definitions */ debian/patches/conn-rec-remote-ip.patch0000644000000000000000000001016712167237171015255 0ustar Description: Handle conn_rec->remote_ip split in Apache 2.4 Author: Colin Watson Forwarded: no Last-Update: 2013-07-08 Index: b/mod_evasive20.c =================================================================== --- a/mod_evasive20.c +++ b/mod_evasive20.c @@ -44,6 +44,13 @@ module AP_MODULE_DECLARE_DATA evasive20_module; +#if AP_SERVER_MAJORVERSION_NUMBER > 2 || \ + (AP_SERVER_MAJORVERSION_NUMBER == 2 && AP_SERVER_MINORVERSION_NUMBER >= 4) +#define CLIENT_IP(conn) ((conn)->client_ip) +#else +#define CLIENT_IP(conn) ((conn)->remote_ip) +#endif + /* BEGIN DoS Evasive Maneuvers Definitions */ #define MAILER "/bin/mail %s" 
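Review bot: The `CLIENT_IP(conn)` macro added in the `@@ -44,6 +44,13 @@` hunk of conn-rec-remote-ip.patch resolves to `(conn)->client_ip` on 2.4, which is the address of the TCP peer. Behind a reverse proxy or load balancer that is the proxy's address, so the whitelist check, hit counters and hold entries in the later hunks (`@@ -143`, `@@ -181`, `@@ -209`) would all be keyed on the proxy, and one noisy client could get every proxied request answered with 403. Apache 2.4 also has the per-request `r->useragent_ip`, which mod_remoteip updates; consider passing the request instead, e.g. `#define CLIENT_IP(r) ((r)->useragent_ip)` on 2.4 and `#define CLIENT_IP(r) ((r)->connection->remote_ip)` otherwise. If the connection-level address is intended, a comment above the macro such as `/* peer address of the connection; behind a proxy this is the proxy, not the end client */` would make that explicit.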
@@ -143,11 +150,11 @@ time_t t = time(NULL); /* Check whitelist */ - if (is_whitelisted(r->connection->remote_ip)) + if (is_whitelisted(CLIENT_IP(r->connection))) return OK; /* First see if the IP itself is on "hold" */ - n = ntt_find(hit_list, r->connection->remote_ip); + n = ntt_find(hit_list, CLIENT_IP(r->connection)); if (n != NULL && t-n->timestampconnection->remote_ip, r->uri); + snprintf(hash_key, 2048, "%s_%s", CLIENT_IP(r->connection), r->uri); n = ntt_find(hit_list, hash_key); if (n != NULL) { /* If URI is being hit too much, add to "hold" list and 403 */ if (t-n->timestampcount>=page_count) { ret = HTTP_FORBIDDEN; - ntt_insert(hit_list, r->connection->remote_ip, time(NULL)); + ntt_insert(hit_list, CLIENT_IP(r->connection), time(NULL)); } else { /* Reset our hit count list as necessary */ @@ -181,14 +188,14 @@ } /* Has site been hit too much? */ - snprintf(hash_key, 2048, "%s_SITE", r->connection->remote_ip); + snprintf(hash_key, 2048, "%s_SITE", CLIENT_IP(r->connection)); n = ntt_find(hit_list, hash_key); if (n != NULL) { /* If site is being hit too much, add to "hold" list and 403 */ if (t-n->timestampcount>=site_count) { ret = HTTP_FORBIDDEN; - ntt_insert(hit_list, r->connection->remote_ip, time(NULL)); + ntt_insert(hit_list, CLIENT_IP(r->connection), time(NULL)); } else { /* Reset our hit count list as necessary */ 
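Review bot: Both `snprintf(hash_key, 2048, ...)` calls on the new side (the `"%s_%s"` key built from `r->uri`, and the `"%s_SITE"` key in the `@@ -181,14 +188,14 @@` hunk) repeat a hard-coded size and ignore the return value. `hash_key` is declared outside these hunks, so its size cannot be confirmed from here; if it is a local array, `snprintf(hash_key, sizeof(hash_key), "%s_%s", CLIENT_IP(r->connection), r->uri);` keeps the bound tied to the buffer. Because `r->uri` is supplied by the client, a comment such as `/* over-long URIs are truncated, so they share one counter per client */` would document what happens on truncation. Part of this stretch of the page has lost characters (around `t-n->timestamp`), so the note rests only on the lines that are still legible.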
@@ -209,27 +216,27 @@ struct stat s; FILE *file; - snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, r->connection->remote_ip); + snprintf(filename, sizeof(filename), "%s/dos-%s", log_dir != NULL ? log_dir : DEFAULT_LOG_DIR, CLIENT_IP(r->connection)); if (stat(filename, &s)) { file = fopen(filename, "w"); if (file != NULL) { fprintf(file, "%ld\n", getpid()); fclose(file); - LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", r->connection->remote_ip); + LOG(LOG_ALERT, "Blacklisting address %s: possible DoS attack.", CLIENT_IP(r->connection)); if (email_notify != NULL) { snprintf(filename, sizeof(filename), MAILER, email_notify); file = popen(filename, "w"); if (file != NULL) { fprintf(file, "To: %s\n", email_notify); - fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", r->connection->remote_ip); - fprintf(file, "mod_evasive HTTP Blacklisted %s\n", r->connection->remote_ip); + fprintf(file, "Subject: HTTP BLACKLIST %s\n\n", CLIENT_IP(r->connection)); + fprintf(file, "mod_evasive HTTP Blacklisted %s\n", CLIENT_IP(r->connection)); pclose(file); } } if (system_command != NULL) { - snprintf(filename, sizeof(filename), system_command, r->connection->remote_ip); + snprintf(filename, sizeof(filename), system_command, CLIENT_IP(r->connection)); system(filename); } debian/libapache2-mod-evasive.preinst0000644000000000000000000000036212167252537015016 0ustar #!/bin/sh set -e if dpkg-maintscript-helper supports mv_conffile 2>/dev/null; then dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-evasive.load /etc/apache2/mods-available/evasive.load 1.10.1-1 -- "$@" fi #DEBHELPER# debian/libapache2-mod-evasive.examples0000644000000000000000000000001012167237141015130 0ustar test.pl debian/compat0000644000000000000000000000000212167237766010405 0ustar 9 debian/libapache2-mod-evasive.docs0000644000000000000000000000000712167237141014250 0ustar README 
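Review bot: In the `@@ -209,27 +216,27 @@` hunk, `snprintf(filename, sizeof(filename), system_command, CLIENT_IP(r->connection));` uses the configured DOSSystemCommand as the format string and its result is not checked before `system(filename);`. A command that does not fit the buffer is therefore run truncated, and a directive containing any conversion other than a single `%s` is undefined behaviour. Check the length first, `int len = snprintf(filename, sizeof(filename), system_command, CLIENT_IP(r->connection));` followed by `if (len > 0 && (size_t)len < sizeof(filename)) system(filename);`, and add a comment at the call that the directive must contain exactly one `%s`. Separately, the `stat(filename, &s)` / `fopen(filename, "w")` pair on the `dos-<ip>` file follows symlinks, so the log directory should be writable only by the server user; the packaged evasive.conf ships `DOSLogDir` commented out, so `DEFAULT_LOG_DIR` applies unless the administrator sets it. The enclosing function begins and ends outside the hunk.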
debian/evasive.load0000644000000000000000000000010612167237141011472 0ustar LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so debian/copyright0000644000000000000000000000203612167254132011125 0ustar This package was debianized by Alberto Gonzalez Iniesta on Fri, 15 Jul 2005 18:55:59 +0200 It was downloaded from http://www.zdziarski.com/projects/mod_evasive/ Copyright (c) 2005 Jonathan A. Zdziarski This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 dated June, 1991. This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. debian/evasive.conf0000644000000000000000000000055212167251504011504 0ustar #DOSHashTableSize 3097 #DOSPageCount 2 #DOSSiteCount 50 #DOSPageInterval 1 #DOSSiteInterval 1 #DOSBlockingPeriod 10 #DOSEmailNotify you@yourdomain.com #DOSSystemCommand "su - someuser -c '/sbin/... %s ...'" #DOSLogDir "/var/log/mod_evasive" debian/libapache2-mod-evasive.postinst0000644000000000000000000000057012167255274015217 0ustar #!/bin/sh set -e if dpkg-maintscript-helper supports mv_conffile 2>/dev/null; then dpkg-maintscript-helper mv_conffile /etc/apache2/mods-available/mod-evasive.load /etc/apache2/mods-available/evasive.load 1.10.1-1 -- "$@" fi # remove mods-enabled link to old .load file case "$1" in configure) rm -f /etc/apache2/mods-enabled/mod-evasive.load ;; esac #DEBHELPER#