Hi,
I'm currently experimenting with the mod_evasive module for Apache, to
protect the server against potential DoS attacks. Here's what I did so far.
# yum install mod_evasive
Don't touch mod_evasive's default configuration, just restart Apache.
# systemctl restart httpd
The package includes a test.pl script supposed to launch a testing DoS
attack. Unfortunately this script doesn't seem to work as expected.
Here's the only response I get:
# perl test.pl
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
...
According to the various online tutorials I found, this should more look
like:
# perl test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
...
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
...
I tried this on two sandbox machine, one on my LAN, one on a public
server, and both times I got the same result.
Any suggestions?
Niki
--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web : http://www.microlinux.fr
Mail : info@xxxxxxxxxxxxx
Tél. : 04 66 63 10 32
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
