Apache mod_evasive whitelist is not working properly.

2

6

We have a weird situation: we have configured mod_evasive with Apache 2.4 on Ubuntu 14. We have added Googlebot IPs to the whitelist (we are maintaining a long list of internal and external IPs in the whitelist), but the Google IPs are still blocked by mod_evasive.

We have checked mod_evasive functionality and it is working fine (we have tested with the Apache benchmark tool by adding the IP to the whitelist). The configuration follows. Originally IP 66.249.66.5 is part of subnet 66.249.64.0/19, but we have added it with 24 and 32 subnet.

    <ifmodule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount  8
    DOSSiteCount  50
    DOSPageInterval 1
    DOSSiteInterval  3
    DOSBlockingPeriod  600
    DOSLogDir   /var/log/mod_evasive
    DOSEmailNotify  [email protected]
    DOSWhitelist 66.249.66.5 66.249.0.0/16 66.249.64.0/19
    </ifmodule>

    root@ip-10:~# apachectl -M | grep -i ev
     evasive20_module (shared)

Aciculate answered 2/2, 2016 at 5:59 Comment(0)
11

Based on https://www.linode.com/docs/websites/apache-tips-and-tricks/modevasive-on-apache you should be using wildcards and not subnetting. For example something like the following (which is not exactly what you had with subnetting):

    DOSWhitelist 66.249.*.*

Extemporaneous answered 12/10, 2016 at 12:40 Comment(3)
To add to this answer, multiple whitelist IP addresses should be put on separate lines, "DOSWhitelist 1.1.1.1", "DOSWhitelist 2.2.2.2" etc. Separated by new lines, not separated by commas or spaces. - Successful
Does 192.168.* work as well, or should it be 192.168.*.*? - Scrod
Not sure. You can experiment and let us know here for completeness. - Extemporaneous
1

Sometimes you need to block a /17 or /19, and a wildcard doesn't work for this situation. It would be nice if mod_evasive could really handle network subnet specifications.

Cycling answered 3/8, 2020 at 19:35 Comment(0)
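
The /17 and /19 case raised above, as an added example (not code from this thread or from mod_evasive): a Python helper that expands CIDR ranges into the wildcard entries the earlier answer recommends. It assumes mod_evasive matches exact IPs or four-field patterns with trailing octets wildcarded (`a.b.c.*`, `a.b.*.*`, `a.*.*.*`) and writes one directive per line as the comment suggests; the function names are hypothetical.

```python
import ipaddress


def cidr_to_wildcards(net):
    """Return the wildcard patterns that together cover exactly `net`.

    Assumption: patterns are always four fields, with whole trailing
    octets replaced by '*'. A prefix that does not end on an octet
    boundary is split into the next-smaller octet-aligned blocks.
    """
    # Round the prefix length up to 8, 16, 24 or 32.
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    keep = boundary // 8  # number of literal octets in each pattern
    patterns = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")
        patterns.append(".".join(octets[:keep] + ["*"] * (4 - keep)))
    return patterns


def whitelist_lines(entries):
    """Turn IPs/CIDRs into DOSWhitelist directives, one per line.

    IPv4Network raises ValueError when host bits are set (for example
    66.249.66.5/19), so a mistyped range is rejected instead of being
    silently widened. Overlapping entries are merged first so the
    output contains no redundant patterns.
    """
    nets = [ipaddress.IPv4Network(e) for e in entries]
    lines = []
    for net in ipaddress.collapse_addresses(nets):
        lines += [f"DOSWhitelist {p}" for p in cidr_to_wildcards(net)]
    return lines


if __name__ == "__main__":
    # The three entries from the question collapse to a single /16.
    print("\n".join(whitelist_lines(
        ["66.249.66.5", "66.249.0.0/16", "66.249.64.0/19"])))
    # The /19 on its own needs 32 patterns: 66.249.64.* to 66.249.95.*
    print("\n".join(whitelist_lines(["66.249.64.0/19"])))
```

Whitelisting only the /19 this way keeps the exemption from rate limiting to the 32 /24 blocks actually needed, rather than the whole `66.249.*.*` range.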
