mod_evasive is not in the extras :( however I am sure we could package it. On 25/05/07, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote:
Damian Myerscough wrote: > On 25/05/07, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: >> seth vidal wrote: >> > Here's what I've used in the past. >> > >> > It allows connections for certain ports/places and then drops >> everything >> > else as the last item. >> > >> > http://linux.duke.edu/~skvidal/misc/iptables-template >> > >> > it's pretty painless, really. >> > >> > If we want to add explicit outbound rules, too, that's fine, but I'd >> > advise enabling logging b/c that stuff is easy to get wrong. :) >> > >> > This is just a sample but it's simple and straightforward. >> > >> >> Excellent. I much prefer simple firewall rules where possible (its not >> always possible :) >> >> One RFE: >> >> Could we have a commented section in there to rate limit some of the >> open ports (http immediately come to mind)? That way if we get slammed >> again we don't have to go figure out what we've done in the past we can >> just uncomment it. >> >> What do you think? >> >> -Mike >> >> _______________________________________________ >> Fedora-infrastructure-list mailing list >> Fedora-infrastructure-list@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list >> > > Hey Mike, > > For Apache why not deploy the mod_evasive module. What is mod_evasive? > > mod_evasive is an evasive maneuvers module for Apache to provide > evasive action in the event of an HTTP DoS or DDoS attack or brute > force attack. It is also designed to be a detection and network > management tool, and can be easily configured to talk to ipchains, > firewalls, routers, and etcetera. mod_evasive presently reports abuses > via email and syslog facilities. > > I have finished university for the summer, would you like me to look > into deploying this > next week? Does anyone have any objections to this? > Is mod_evasive in extras/epel? -Mike _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
-- Regards, Damian
