<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="fr">
	<id>https://wikiold.home.tartarefr.eu/index.php?action=history&amp;feed=atom&amp;title=Webserver%2FApache%2FModules%2FEvasive</id>
	<title>Webserver/Apache/Modules/Evasive - Historique des versions</title>
	<link rel="self" type="application/atom+xml" href="https://wikiold.home.tartarefr.eu/index.php?action=history&amp;feed=atom&amp;title=Webserver%2FApache%2FModules%2FEvasive"/>
	<link rel="alternate" type="text/html" href="https://wikiold.home.tartarefr.eu/index.php?title=Webserver/Apache/Modules/Evasive&amp;action=history"/>
	<updated>2026-07-07T18:41:48Z</updated>
	<subtitle>Historique des versions pour cette page sur le wiki</subtitle>
	<generator>MediaWiki 1.43.8</generator>
	<entry>
		<id>https://wikiold.home.tartarefr.eu/index.php?title=Webserver/Apache/Modules/Evasive&amp;diff=2700&amp;oldid=prev</id>
		<title>Didier : Page créée avec « {{ApacheModule|name=mod_geoip|desc=permet de contrer les attaques DOS.   Celui-ci est par exemple capable de détecter lorsqu&#039;un utilisateur demande un trop grand nombre d... »</title>
		<link rel="alternate" type="text/html" href="https://wikiold.home.tartarefr.eu/index.php?title=Webserver/Apache/Modules/Evasive&amp;diff=2700&amp;oldid=prev"/>
		<updated>2014-05-12T12:37:23Z</updated>

		<summary type="html">&lt;p&gt;Page créée avec « {{ApacheModule|name=mod_geoip|desc=permet de contrer les attaques DOS.   Celui-ci est par exemple capable de détecter lorsqu&amp;#039;un utilisateur demande un trop grand nombre d... »&lt;/p&gt;
&lt;p&gt;&lt;b&gt;Nouvelle page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;{{ApacheModule|name=mod_geoip|desc=permet de contrer les attaques DOS. &lt;br /&gt;
&lt;br /&gt;
Celui-ci est par exemple capable de détecter lorsqu&amp;#039;un utilisateur demande un trop grand nombre de pages sur un site web, sur un délai de temps très court.}}&lt;br /&gt;
&lt;br /&gt;
== Installation ==&lt;br /&gt;
&amp;lt;pre&amp;gt;yum install mod_evasive&amp;lt;/pre&amp;gt;&lt;br /&gt;
Fichier de configuration &amp;lt;path&amp;gt;/etc/httpd/conf.d/mod_evasive.conf&amp;lt;/path&amp;gt;&lt;br /&gt;
&amp;lt;syntaxhighlight lang=&amp;quot;apache&amp;quot;&amp;gt;&lt;br /&gt;
# mod_evasive configuration&lt;br /&gt;
LoadModule evasive20_module modules/mod_evasive24.so&lt;br /&gt;
&lt;br /&gt;
&amp;lt;IfModule mod_evasive20.c&amp;gt;&lt;br /&gt;
    # The hash table size defines the number of top-level nodes for each&lt;br /&gt;
    # child&amp;#039;s hash table.  Increasing this number will provide faster&lt;br /&gt;
    # performance by decreasing the number of iterations required to get to the&lt;br /&gt;
    # record, but consume more memory for table space.  You should increase&lt;br /&gt;
    # this if you have a busy web server.  The value you specify will&lt;br /&gt;
    # automatically be tiered up to the next prime number in the primes list&lt;br /&gt;
    # (see mod_evasive.c for a list of primes used).&lt;br /&gt;
    DOSHashTableSize    3097&lt;br /&gt;
&lt;br /&gt;
    # This is the threshhold for the number of requests for the same page (or&lt;br /&gt;
    # URI) per page interval.  Once the threshhold for that interval has been&lt;br /&gt;
    # exceeded, the IP address of the client will be added to the blocking&lt;br /&gt;
    # list.&lt;br /&gt;
    DOSPageCount        2&lt;br /&gt;
&lt;br /&gt;
    # This is the threshhold for the total number of requests for any object by&lt;br /&gt;
    # the same client on the same listener per site interval.  Once the&lt;br /&gt;
    # threshhold for that interval has been exceeded, the IP address of the&lt;br /&gt;
    # client will be added to the blocking list.&lt;br /&gt;
    DOSSiteCount        50&lt;br /&gt;
&lt;br /&gt;
    # The interval for the page count threshhold; defaults to 1 second&lt;br /&gt;
    # intervals.&lt;br /&gt;
    DOSPageInterval     1&lt;br /&gt;
&lt;br /&gt;
    # The interval for the site count threshhold; defaults to 1 second&lt;br /&gt;
    # intervals.&lt;br /&gt;
    DOSSiteInterval     1&lt;br /&gt;
&lt;br /&gt;
    # The blocking period is the amount of time (in seconds) that a client will&lt;br /&gt;
    # be blocked for if they are added to the blocking list.  During this time,&lt;br /&gt;
    # all subsequent requests from the client will result in a 403 (Forbidden)&lt;br /&gt;
    # and the timer being reset (e.g. another 10 seconds).  Since the timer is&lt;br /&gt;
    # reset for every subsequent request, it is not necessary to have a long&lt;br /&gt;
    # blocking period; in the event of a DoS attack, this timer will keep&lt;br /&gt;
    # getting reset.&lt;br /&gt;
    DOSBlockingPeriod   10&lt;br /&gt;
&lt;br /&gt;
    # If this value is set, an email will be sent to the address specified&lt;br /&gt;
    # whenever an IP address becomes blacklisted.  A locking mechanism using&lt;br /&gt;
    # /tmp prevents continuous emails from being sent.&lt;br /&gt;
    #&lt;br /&gt;
    # NOTE: Requires /bin/mail (provided by mailx)&lt;br /&gt;
    DOSEmailNotify      root@didier.dnsdynamic.net&lt;br /&gt;
&lt;br /&gt;
    # If this value is set, the system command specified will be executed&lt;br /&gt;
    # whenever an IP address becomes blacklisted.  This is designed to enable&lt;br /&gt;
    # system calls to ip filter or other tools.  A locking mechanism using /tmp&lt;br /&gt;
    # prevents continuous system calls.  Use %s to denote the IP address of the&lt;br /&gt;
    # blacklisted IP.&lt;br /&gt;
    #DOSSystemCommand    &amp;quot;su - someuser -c &amp;#039;/sbin/... %s ...&amp;#039;&amp;quot;&lt;br /&gt;
&lt;br /&gt;
    # Choose an alternative temp directory By default &amp;quot;/tmp&amp;quot; will be used for&lt;br /&gt;
    # locking mechanism, which opens some security issues if your system is&lt;br /&gt;
    # open to shell users.&lt;br /&gt;
    #&lt;br /&gt;
    #   http://security.lss.hr/index.php?page=details&amp;amp;ID=LSS-2005-01-01&lt;br /&gt;
    #&lt;br /&gt;
    # In the event you have nonprivileged shell users, you&amp;#039;ll want to create a&lt;br /&gt;
    # directory writable only to the user Apache is running as (usually root),&lt;br /&gt;
    # then set this in your httpd.conf.&lt;br /&gt;
    DOSLogDir           &amp;quot;/var/lib/mod_evasive&amp;quot;&lt;br /&gt;
&lt;br /&gt;
    # You can use whitelists to disable the module for certain ranges of&lt;br /&gt;
    # IPs. Wildcards can be used on up to the last 3 octets if necessary.  &lt;br /&gt;
    # Multiple DOSWhitelist commands may be used in the configuration.&lt;br /&gt;
    DOSWhitelist   127.0.0.1&lt;br /&gt;
    DOSWhitelist   192.168.1.*&lt;br /&gt;
&amp;lt;/IfModule&amp;gt;&lt;br /&gt;
&amp;lt;/syntaxhighlight&amp;gt;&lt;br /&gt;
&lt;br /&gt;
== Test du module ==&lt;br /&gt;
&lt;br /&gt;
On baisse volontairement les valeurs pour que le module reconnaisse une attaque DOS à chaque chargement de page. Le répertoire &amp;lt;path&amp;gt;/var/lib/mod_evasive&amp;lt;/path&amp;gt; devrait alors se remplir.&lt;br /&gt;
&lt;br /&gt;
== Nettoyage périodique ==&lt;br /&gt;
&lt;br /&gt;
On fait une tâche planifiée pour vider le répertoire correspondant à la variable &amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;DOSLogDir&amp;#039;&amp;#039;&amp;#039;&amp;#039;&amp;#039;: &amp;lt;path&amp;gt;/etc/cron.daily/purge-mod_evasive&amp;lt;/path&amp;gt;&lt;br /&gt;
&amp;lt;pre&amp;gt;&lt;br /&gt;
#!/bin/bash&lt;br /&gt;
find /var/lib/mod_evasive -mtime +1 -type f -exec rm -f &amp;#039;{}&amp;#039; \;&lt;br /&gt;
&amp;lt;/pre&amp;gt;&lt;/div&gt;</summary>
		<author><name>Didier</name></author>
	</entry>
</feed>