On CentOS 7, mod_evasive for Apache 2.4 would not work properly and would not block IPs. This problem troubled me for a month. The situation was as follows: when stress-testing Apache, mod_evasive would log the attacker's IP but usually would not block it; on the rare occasion it did block, the blocking period was too short. I looked through many Chinese documents and found nothing.
Eventually I came across an English question whose asker suggested that mod_evasive might not work properly together with mpm_prefork.
Have read that mod_evasive does not work well with the mpm_prefork_module because it uses processes over threads. This is not being used, but mpm_event_module is (not mpm_worker_module). Not sure if this is the problem?
After changing the MPM to mpm_worker, a miracle happened: everything worked normally.
It looks like the counters used by mod_evasive are not shared between processes. Hence each time mpm_prefork spawns a new process, the counters are back to 0.
One way to make mod_evasive work with mpm_prefork is hence to have:
StartServers = MaxRequestWorkers = MaxSpareServers (so all processes are created at startup and no new process will be created or killed)
MaxConnectionsPerChild 0 (so processes won't be recycled. However, this can be dangerous in case of a memory leak, so you should use a large value instead of 0)
Divide DOSPageCount and DOSSiteCount by the number of server processes
This is only based on the behavior I could observe on my own server and should be carefully tested.
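As an added example (not from the original post or from the quoted answers), here is what both approaches look like on CentOS 7: switching to mpm_worker in the stock 00-mpm.conf, and, if prefork must stay, pinning the process pool and scaling the mod_evasive thresholds per process as the quoted answer suggests. The file names other than 00-mpm.conf, the process count of 8 and all threshold values are assumptions chosen for illustration.

```apache
# --- Option A (what fixed it for the author): load a threaded MPM ---
# /etc/httpd/conf.modules.d/00-mpm.conf on CentOS 7: exactly one MPM may be loaded.
# worker runs many threads per process, so far fewer processes exist and each
# process's private mod_evasive counters see most of a client's requests.
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule mpm_worker_module modules/mod_mpm_worker.so
#LoadModule mpm_event_module modules/mod_mpm_event.so

# --- Option B: stay on mpm_prefork with a fixed pool of processes ---
# /etc/httpd/conf.d/mpm_prefork_fixed.conf (assumed file name)
<IfModule mpm_prefork_module>
    # 8 processes created at startup, never grown or reaped, so no child
    # ever starts with counters reset to 0.
    ServerLimit            8
    StartServers           8
    MinSpareServers        8
    MaxSpareServers        8
    MaxRequestWorkers      8
    # Large instead of 0 so a leaking child is still recycled eventually.
    MaxConnectionsPerChild 100000
</IfModule>

# --- mod_evasive thresholds, /etc/httpd/conf.d/mod_evasive.conf ---
<IfModule mod_evasive24.c>
    DOSHashTableSize    3097
    # Counters (and therefore blocks) live inside each child process. With 8
    # prefork children a client's requests are spread across them, so each
    # per-process threshold is roughly 1/8 of the site-wide threshold intended:
    #   intended ~16 hits/page/second -> DOSPageCount 2
    #   intended ~80 hits/site/second -> DOSSiteCount 10
    # (assumed targets; the spread is only approximate, so test under load)
    DOSPageCount        2
    DOSSiteCount        10
    DOSPageInterval     1
    DOSSiteInterval     1
    # Default is 10 seconds; raise it if blocks expire sooner than wanted.
    DOSBlockingPeriod   600
    DOSLogDir           /var/log/httpd/mod_evasive
    DOSWhitelist        127.0.0.1
</IfModule>
```

After either change, run `apachectl configtest` and restart httpd, then confirm in `httpd -M` that only the intended MPM module is loaded before re-running the load test.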
References:
https://serverfault.com/questions/679928/apache-mod-evasive-with-mpm-prefork-settings-to-work
https://stackoverflow.com/questions/37443133/mod-evasive-is-not-blocking-ips-causing-dos-but-is-logging-them
Last modified 2019-03-14