Re: Whitelisting in mod_evasive (Apache Users)

Hi Matthew,

2016-10-31 16:20 GMT+01:00 Matthew Jones <m.jones@xxxxxxxxx>:

Hello all, first up apologies if this is not the correct place for this question. If it’s not, then I’d appreciate a nudge in the correct direction.

I’m trying to configure mod_evasive so that it whitelists a number of IP ranges, in particular our private 10.*.*.* network. I’ve added that range to the DOSWhitelist but we’re still seeing blacklisting of 10.*.*.* addresses reported by mod_evasive via email.

as side note mod_evasive is a third party module not included in the httpd official release, so we can try to help but it would be better to follow up with the module's author (even though if I remember correctly the project is not active at the moment).

Here is the content of evasive.conf:

<IfModule mod_evasive20.c>

        DOSHashTableSize        6400

        DOSPageCount            2

        DOSSiteCount            64

        DOSPageInterval         1

        DOSSiteInterval         1

        DOSBlockingPeriod       60

        DOSEmailNotify          cs-unixsupportteam@xxxxxxxxx

        DOSWhitelist            10.*.*.* 172.22.*.* 161.112.232.102 161.112.232.103 161.112.232.111 161.112.232.117 161.112.232.221 161.112.232.37

</IfModule>

We’re using apache 2.4.7 on Ubuntu 14.04.05. Please let me know if there is any further information which might be of help in diagnosing this.

I know that mod_evasive is active as I say because it’s reporting the blacklisting of those 10.* IPs, so what am I missing about how to configure it to whitelist these IP ranges please?

Does the module correctly whitelist the other IPs? Can you try something like:

DOSWhitelist 10.*.*.*

DOSWhitelist 172.22.*.*

...

Let me know if anything changes!

Luca