[NEW PORT] www/mod_dosevasive20: An Apache 2 module to try to protect HTTP DoS or DDoS attacks

mod_dosevasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_dosevasive presently reports abuses via email and syslog facilities. PR: ports/69623 Submitted by: Xavier Beaudouin <kiwi@oav.net>
author: edwin <edwin@FreeBSD.org> 2004-07-30 08:30:24 +0800
committer: edwin <edwin@FreeBSD.org> 2004-07-30 08:30:24 +0800
commit: f87869006cee50eb767197f5a99d72c67d68467d (patch)
tree: edae7c56c6022fcfe71790328df368514e19267d /www
parent: 5d62e3c76ce40d57cf968a00809670480a48b0ac (diff)
download: freebsd-ports-gnome-f87869006cee50eb767197f5a99d72c67d68467d.tar.gz
freebsd-ports-gnome-f87869006cee50eb767197f5a99d72c67d68467d.tar.zst
freebsd-ports-gnome-f87869006cee50eb767197f5a99d72c67d68467d.zip
10 files changed, 211 insertions, 0 deletions
diff --git a/www/Makefile b/www/Makefile
index 79e953c6c626..2e28587613dc 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -252,6 +252,7 @@
     SUBDIR += mod_cvs
     SUBDIR += mod_cvs2
     SUBDIR += mod_dav
+    SUBDIR += mod_dosevasive20
     SUBDIR += mod_dtcl
     SUBDIR += mod_encoding
     SUBDIR += mod_extract_forwarded
diff --git a/www/mod_dosevasive20/Makefile b/www/mod_dosevasive20/Makefile
new file mode 100644
index 000000000000..44040747a80a
--- /dev/null
+++ b/www/mod_dosevasive20/Makefile
@@ -0,0 +1,38 @@
+# New ports collection makefile for:	mod_dosevasive20
+# Date created:				26 Jul 2004
+# Whom:					Xavier Beaudouin <kiwi@oav.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	mod_dosevasive20
+PORTVERSION=	1.9
+CATEGORIES=	www security
+MASTER_SITES=	http://www.nuclearelephant.com/projects/dosevasive/
+DISTNAME=	mod_dosevasive.${PORTVERSION}
+DIST_SUBDIR=	apache2
+
+MAINTAINER=	kiwi@oav.net
+COMMENT=	An Apache 2 module to try to protect HTTP DoS or DDoS attacks
+
+WRKSRC=		${WRKDIR}/${PORTNAME}
+
+WANT_APACHE=	2
+AP_FAST_BUILD=	YES
+AP_GENPLIST=	YES
+WRKSRC=		${WRKDIR}/mod_dosevasive
+
+PORTDOCS=	LICENSE README test.pl
+
+.include <bsd.port.pre.mk>
+.include "${PORTSDIR}/www/apache2/Makefile.modules.3rd"
+
+post-install:
+.if !defined (NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+.   for f in ${PORTDOCS}
+	@${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
+.   endfor
+.endif
+
+.include <bsd.port.post.mk>
diff --git a/www/mod_dosevasive20/distinfo b/www/mod_dosevasive20/distinfo
new file mode 100644
index 000000000000..3febfce13300
--- /dev/null
+++ b/www/mod_dosevasive20/distinfo
@@ -0,0 +1,2 @@
+MD5 (apache2/mod_dosevasive.1.9.tar.gz) = 994333fa0ea901ae035919ce869332b0
+SIZE (apache2/mod_dosevasive.1.9.tar.gz) = 23850
diff --git a/www/mod_dosevasive20/pkg-descr b/www/mod_dosevasive20/pkg-descr
new file mode 100644
index 000000000000..338260dae53f
--- /dev/null
+++ b/www/mod_dosevasive20/pkg-descr
@@ -0,0 +1,30 @@
+mod_dosevasive is an evasive maneuvers module for Apache to provide evasive 
+action in the event of an HTTP DoS or DDoS attack or brute force attack.
+It is also designed to be a detection and network management tool, and can be
+easily configured to talk to ipchains, firewalls, routers, and etcetera.
+mod_dosevasive presently reports abuses via email and syslog facilities.
+
+Detection is performed by creating an internal dynamic hash table of IP
+Addresses and URIs, and denying any single IP address from any of the
+following:
+
+    * Requesting the same page more than a few times per second
+    * Making more than 50 concurrent requests on the same child per second
+    * Making any requests while temporarily blacklisted (on a blocking list) 
+
+This method has worked well in both single-server script attacks as well as
+distributed attacks, but just like other evasive tools, is only as useful to
+the point of bandwidth and processor consumption (e.g. the amount of bandwidth
+and processor required to receive/process/respond to invalid requests), which
+is why it's a good idea to integrate this with your firewalls and routers for
+maximum protection.
+
+This module instantiates for each listener individually, and therefore has a
+built-in cleanup mechanism and scaling capabilities. Because of this per-child
+design, legitimate requests are never compromised (even from proxies and NAT
+addresses) but only scripted attacks. Even a user repeatedly clicking on
+'reload' should not be affected unless they do it maliciously. mod_dosevasive
+is fully tweakable through the Apache configuration file, easy to incorporate
+into your web server, and easy to use. 
+
+WWW: http://www.nuclearelephant.com/projects/dosevasive/
diff --git a/www/mod_evasive/Makefile b/www/mod_evasive/Makefile
new file mode 100644
index 000000000000..44040747a80a
--- /dev/null
+++ b/www/mod_evasive/Makefile
@@ -0,0 +1,38 @@
+# New ports collection makefile for:	mod_dosevasive20
+# Date created:				26 Jul 2004
+# Whom:					Xavier Beaudouin <kiwi@oav.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	mod_dosevasive20
+PORTVERSION=	1.9
+CATEGORIES=	www security
+MASTER_SITES=	http://www.nuclearelephant.com/projects/dosevasive/
+DISTNAME=	mod_dosevasive.${PORTVERSION}
+DIST_SUBDIR=	apache2
+
+MAINTAINER=	kiwi@oav.net
+COMMENT=	An Apache 2 module to try to protect HTTP DoS or DDoS attacks
+
+WRKSRC=		${WRKDIR}/${PORTNAME}
+
+WANT_APACHE=	2
+AP_FAST_BUILD=	YES
+AP_GENPLIST=	YES
+WRKSRC=		${WRKDIR}/mod_dosevasive
+
+PORTDOCS=	LICENSE README test.pl
+
+.include <bsd.port.pre.mk>
+.include "${PORTSDIR}/www/apache2/Makefile.modules.3rd"
+
+post-install:
+.if !defined (NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+.   for f in ${PORTDOCS}
+	@${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
+.   endfor
+.endif
+
+.include <bsd.port.post.mk>
diff --git a/www/mod_evasive/distinfo b/www/mod_evasive/distinfo
new file mode 100644
index 000000000000..3febfce13300
--- /dev/null
+++ b/www/mod_evasive/distinfo
@@ -0,0 +1,2 @@
+MD5 (apache2/mod_dosevasive.1.9.tar.gz) = 994333fa0ea901ae035919ce869332b0
+SIZE (apache2/mod_dosevasive.1.9.tar.gz) = 23850
diff --git a/www/mod_evasive/pkg-descr b/www/mod_evasive/pkg-descr
new file mode 100644
index 000000000000..338260dae53f
--- /dev/null
+++ b/www/mod_evasive/pkg-descr
@@ -0,0 +1,30 @@
+mod_dosevasive is an evasive maneuvers module for Apache to provide evasive 
+action in the event of an HTTP DoS or DDoS attack or brute force attack.
+It is also designed to be a detection and network management tool, and can be
+easily configured to talk to ipchains, firewalls, routers, and etcetera.
+mod_dosevasive presently reports abuses via email and syslog facilities.
+
+Detection is performed by creating an internal dynamic hash table of IP
+Addresses and URIs, and denying any single IP address from any of the
+following:
+
+    * Requesting the same page more than a few times per second
+    * Making more than 50 concurrent requests on the same child per second
+    * Making any requests while temporarily blacklisted (on a blocking list) 
+
+This method has worked well in both single-server script attacks as well as
+distributed attacks, but just like other evasive tools, is only as useful to
+the point of bandwidth and processor consumption (e.g. the amount of bandwidth
+and processor required to receive/process/respond to invalid requests), which
+is why it's a good idea to integrate this with your firewalls and routers for
+maximum protection.
+
+This module instantiates for each listener individually, and therefore has a
+built-in cleanup mechanism and scaling capabilities. Because of this per-child
+design, legitimate requests are never compromised (even from proxies and NAT
+addresses) but only scripted attacks. Even a user repeatedly clicking on
+'reload' should not be affected unless they do it maliciously. mod_dosevasive
+is fully tweakable through the Apache configuration file, easy to incorporate
+into your web server, and easy to use. 
+
+WWW: http://www.nuclearelephant.com/projects/dosevasive/
diff --git a/www/mod_evasive20/Makefile b/www/mod_evasive20/Makefile
new file mode 100644
index 000000000000..44040747a80a
--- /dev/null
+++ b/www/mod_evasive20/Makefile
@@ -0,0 +1,38 @@
+# New ports collection makefile for:	mod_dosevasive20
+# Date created:				26 Jul 2004
+# Whom:					Xavier Beaudouin <kiwi@oav.net>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	mod_dosevasive20
+PORTVERSION=	1.9
+CATEGORIES=	www security
+MASTER_SITES=	http://www.nuclearelephant.com/projects/dosevasive/
+DISTNAME=	mod_dosevasive.${PORTVERSION}
+DIST_SUBDIR=	apache2
+
+MAINTAINER=	kiwi@oav.net
+COMMENT=	An Apache 2 module to try to protect HTTP DoS or DDoS attacks
+
+WRKSRC=		${WRKDIR}/${PORTNAME}
+
+WANT_APACHE=	2
+AP_FAST_BUILD=	YES
+AP_GENPLIST=	YES
+WRKSRC=		${WRKDIR}/mod_dosevasive
+
+PORTDOCS=	LICENSE README test.pl
+
+.include <bsd.port.pre.mk>
+.include "${PORTSDIR}/www/apache2/Makefile.modules.3rd"
+
+post-install:
+.if !defined (NOPORTDOCS)
+	@${MKDIR} ${DOCSDIR}
+.   for f in ${PORTDOCS}
+	@${INSTALL_DATA} ${WRKSRC}/${f} ${DOCSDIR}
+.   endfor
+.endif
+
+.include <bsd.port.post.mk>
diff --git a/www/mod_evasive20/distinfo b/www/mod_evasive20/distinfo
new file mode 100644
index 000000000000..3febfce13300
--- /dev/null
+++ b/www/mod_evasive20/distinfo
@@ -0,0 +1,2 @@
+MD5 (apache2/mod_dosevasive.1.9.tar.gz) = 994333fa0ea901ae035919ce869332b0
+SIZE (apache2/mod_dosevasive.1.9.tar.gz) = 23850
diff --git a/www/mod_evasive20/pkg-descr b/www/mod_evasive20/pkg-descr
new file mode 100644
index 000000000000..338260dae53f
--- /dev/null
+++ b/www/mod_evasive20/pkg-descr
@@ -0,0 +1,30 @@
+mod_dosevasive is an evasive maneuvers module for Apache to provide evasive 
+action in the event of an HTTP DoS or DDoS attack or brute force attack.
+It is also designed to be a detection and network management tool, and can be
+easily configured to talk to ipchains, firewalls, routers, and etcetera.
+mod_dosevasive presently reports abuses via email and syslog facilities.
+
+Detection is performed by creating an internal dynamic hash table of IP
+Addresses and URIs, and denying any single IP address from any of the
+following:
+
+    * Requesting the same page more than a few times per second
+    * Making more than 50 concurrent requests on the same child per second
+    * Making any requests while temporarily blacklisted (on a blocking list) 
+
+This method has worked well in both single-server script attacks as well as
+distributed attacks, but just like other evasive tools, is only as useful to
+the point of bandwidth and processor consumption (e.g. the amount of bandwidth
+and processor required to receive/process/respond to invalid requests), which
+is why it's a good idea to integrate this with your firewalls and routers for
+maximum protection.
+
+This module instantiates for each listener individually, and therefore has a
+built-in cleanup mechanism and scaling capabilities. Because of this per-child
+design, legitimate requests are never compromised (even from proxies and NAT
+addresses) but only scripted attacks. Even a user repeatedly clicking on
+'reload' should not be affected unless they do it maliciously. mod_dosevasive
+is fully tweakable through the Apache configuration file, easy to incorporate
+into your web server, and easy to use. 
+
+WWW: http://www.nuclearelephant.com/projects/dosevasive/
author	edwin <edwin@FreeBSD.org>	2004-07-30 08:30:24 +0800
committer	edwin <edwin@FreeBSD.org>	2004-07-30 08:30:24 +0800
commit	f87869006cee50eb767197f5a99d72c67d68467d (patch)
tree	edae7c56c6022fcfe71790328df368514e19267d /www
parent	5d62e3c76ce40d57cf968a00809670480a48b0ac (diff)
download	freebsd-ports-gnome-f87869006cee50eb767197f5a99d72c67d68467d.tar.gz freebsd-ports-gnome-f87869006cee50eb767197f5a99d72c67d68467d.tar.zst freebsd-ports-gnome-f87869006cee50eb767197f5a99d72c67d68467d.zip