mod_evasive for Apache 2.4 on CentOS 7 does not work properly and fails to block IPs

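On CentOS 7, mod_evasive for Apache 2.4 did not work properly and would not block IPs. This problem troubled me for a month. The situation was as follows: when stress-testing Apache, mod_evasive would log the attacker's IP but usually would not block it. When, after much effort, a block finally did happen, it did not last long enough. I searched through a lot of Chinese-language documentation and found nothing.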

Eventually I came across a question in English, in which the asker said that mod_evasive might not work properly together with mpm_prefork.

Have read that mod_evasive does not work well with the mpm_prefork_module because it uses processes over threads. This is not being used, but mpm_event_module is (not mpm_worker_module). Not sure if this is the problem?

After changing the MPM to mpm_worker, a miracle happened. Everything worked normally.

It looks like the counters used by mod_evasive are not shared between processes. Hence each time mpm_prefork spawns a new process, the counters are back to 0.

One way to make mod_evasive work with mpm_prefork is hence to have:

StartServers = MaxRequestWorkers = MaxSpareServers (so all processes are created at startup and no new process will be created or killed)
MaxConnectionsPerChild 0 (So processes won't be recycled. However this can be dangerous in case of memory leak so you should use a large value instead of 0)
Divide DOSPageCount and DOSSiteCount by the number of server processes
This is only based on the behavior I could observe on my own server and should be carefully tested.
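
The effect described in the quoted answer can be reproduced with a small model. This is an added example, not code from the original post or from mod_evasive: the names `Child` and `simulate`, the round-robin dispatch, the 1 s window, the 10 s block and the client address are all constructed assumptions.

```python
"""Toy model of per-process hit counters under mpm_prefork (constructed example)."""

class Child:
    """One server process with its own private counters (nothing is shared)."""
    def __init__(self, page_count, interval_ms=1000, block_ms=10_000):
        self.page_count = page_count
        self.interval_ms = interval_ms   # counting window (assumed 1 s)
        self.block_ms = block_ms         # block duration (assumed 10 s)
        self.window = {}                 # ip -> (window_start_ms, hits)
        self.blocked_until = {}          # ip -> time in ms

    def handle(self, ip, now_ms):
        """Return 403 if this process refuses the request, otherwise 200."""
        if self.blocked_until.get(ip, -1) > now_ms:
            return 403
        start, hits = self.window.get(ip, (now_ms, 0))
        if now_ms - start >= self.interval_ms:   # window expired: start again
            start, hits = now_ms, 0
        hits += 1
        self.window[ip] = (start, hits)
        if hits >= self.page_count:              # threshold reached in THIS process
            self.blocked_until[ip] = now_ms + self.block_ms
            return 403
        return 200

def simulate(children, page_count, requests=200, rate=100):
    """Count 403s for one client sending `requests` hits at `rate` req/s.
    Assumption: requests are dealt to the processes round-robin."""
    pool = [Child(page_count) for _ in range(children)]
    step_ms = 1000 // rate
    codes = [pool[i % children].handle("203.0.113.5", i * step_ms)
             for i in range(requests)]
    return codes.count(403)

if __name__ == "__main__":
    print("1 process, threshold 20:   ", simulate(1, 20))
    print("10 processes, threshold 20:", simulate(10, 20))
    print("10 processes, threshold 2: ", simulate(10, 20 // 10))
```

With one process the client is refused after 19 requests; with ten processes and the same threshold no counter ever reaches it, and dividing the threshold by the process count restores blocking.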

References:

https://serverfault.com/questions/679928/apache-mod-evasive-with-mpm-prefork-settings-to-work

https://stackoverflow.com/questions/37443133/mod-evasive-is-not-blocking-ips-causing-dos-but-is-logging-them

Last modified: 2019-03-14