mod_evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following: * Requesting the same page more than a few times per second * Making more than 50 concurrent requests on the same child per second * Making any requests while temporarily blacklisted (on a blocking list) To enable it edit /etc/httpd/httpd.conf to have like the following: LoadModule evasive20_module lib/httpd/modules/mod_evasive20.so DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 10 To test enter the following command: perl /usr/doc/mod_evasive-$VERSION/test.pl | more Which should output some HTTP/1.1 200 OK lines; then HTTP/1.1 403 Forbidden mod_evasive is fully tweakable through the Apache configuration file, see the READE file in /usr/doc/mod_evasive-$VERSION for configuration details.