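mod_evasive for Apache 2.4 on CentOS 7 does not work properly and fails to block IPs

On CentOS 7, mod_evasive for Apache 2.4 does not work properly and fails to block IPs. This problem troubled me for a month. The situation: when stress-testing Apache, mod_evasive logs the attacker's IP but usually does not block it. On the rare occasion that a block did happen, the blocking period was too short. I searched through many Chinese-language documents and found nothing.

Eventually I came across a question in English, where the asker said that mod_evasive may not work properly together with mpm_prefork.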

Have read that mod_evasive does not work well with the mpm_prefork_module because it uses processes over threads. This is not being used, but mpm_event_module is (not mpm_worker_module). Not sure if this is the problem?

After changing the MPM to mpm_worker, a miracle happened. Everything worked normally.

It looks like the counters used by mod_evasive are not shared between processes. Hence each time mpm_prefork spawns a new process, the counters are back to 0.

One way to make mod_evasive work with mpm_prefork is hence to have:

- StartServers = MaxRequestWorkers = MaxSpareServers (so all processes are created at startup and no new process will be created or killed)
- MaxConnectionsPerChild 0 (So processes won't be recycled. However this can be dangerous in case of memory leak so you should use a large value instead of 0)
- Divide DOSPageCount and DOSSiteCount by the number of server processes

This is only based on the behavior I could observe on my own server and should be carefully tested.
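The per-process counter behaviour described in the quoted answer above, as an added example (not code from mod_evasive or from the quoted posts). It is a simplified model: it assumes one client's requests are spread round-robin over the prefork children and all arrive within a single DOSPageInterval, and the function and parameter names are hypothetical.

```python
# Added example: simplified model of per-process hit counters under mpm_prefork.
# Assumptions (not taken from mod_evasive's source): requests from one client
# are distributed round-robin over the children, all fall inside a single
# DOSPageInterval, and a child rejects once its own count reaches the threshold.

def simulate(requests, workers, page_count, recycle_after=0):
    """Return (first_rejected_request_number, total_rejected).

    workers       -- number of child processes, each with a private counter
    page_count    -- threshold applied by each child (models DOSPageCount)
    recycle_after -- requests a child serves before it is replaced
                     (models MaxConnectionsPerChild; 0 = never recycled)
    """
    counters = [0] * workers   # private hit counter per child
    served = [0] * workers     # requests handled since the child started
    first, rejected = None, 0
    for n in range(1, requests + 1):
        w = (n - 1) % workers          # child that receives this request
        counters[w] += 1
        served[w] += 1
        if counters[w] >= page_count:  # only this child's view of the client
            rejected += 1
            first = first or n
        if recycle_after and served[w] >= recycle_after:
            counters[w] = served[w] = 0  # new child starts with empty state
    return first, rejected

if __name__ == "__main__":
    cases = [
        ("shared view (1 process), threshold 20", (100, 1, 20, 0)),
        ("10 children, threshold 20", (100, 10, 20, 0)),
        ("10 children, threshold 20/10 = 2", (100, 10, 2, 0)),
        ("10 children, threshold 2, recycled every request", (100, 10, 2, 1)),
    ]
    for label, args in cases:
        first, rejected = simulate(*args)
        print(f"{label}: first rejection at {first}, {rejected} rejected")
```

With ten children and an undivided threshold the client is never rejected, which matches the symptom of stress tests passing unblocked; dividing the threshold by the process count restores blocking, and recycling children discards the state again.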

 

References:

https://serverfault.com/questions/679928/apache-mod-evasive-with-mpm-prefork-settings-to-work

https://stackoverflow.com/questions/37443133/mod-evasive-is-not-blocking-ips-causing-dos-but-is-logging-them

Last modified: 2019-03-14
