httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Crosland, Jerel" <Jerel.Crosl...@21st.com>
Subject RE: [users@httpd] mod_evasive & mod_rewrite problems
Date Tue, 30 Jan 2007 23:37:21 GMT
I always understood mod_evasive and mod_security to be complementary.
Can I use mod_security to provide all of the functionality (handling
DDoS attacks) that mod_evasive provides?
 

Jerel Crosland
x3187


Donald Duck comics were once banned in Finland because he didn't wear
pants.


 

________________________________

From: Dave Templeton [mailto:datempleton@gmail.com] 
Sent: Tuesday, January 30, 2007 2:07 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] mod_evasive & mod_rewrite problems


Jerel,
        I am not to familiar with mod_evasive but after a quick read opn
it  I wondered if you had considered mod_security. The newest vesion is
really a nice piece of work and we have been using mod_security in our
production web server farm for 18+ months with no rewrite conflicts. 
Dave.

 
On 1/30/07, Crosland, Jerel <Jerel.Crosland@21st.com> wrote: 

	We are running IBM HTTP Server version 2.0.47, which is Apache
2.0.47 repackaged with SSL already configured, etc. as a front end to a
Websphere back-end. We make extensive use of mod_rewrite. While
hardening our Apache servers we installed mod_evasive, but it does not
intercept the calls before mod_rewrite gets them. I sent an email to
Jonathan Zdziarski, who is the author of mod_evasive, and his reply was
that he'd heard of problems with mod_rewrite and mod_evasive together,
but he had no idea how to fix them. 

	Has anyone else ever had this problem? Any ideas how to track it
down and fix it? I even tried changing the hooking for mod_evasive but
it never took precedence. Wouldn't this be what you want? 

	Jerel Crosland 
	x3187 

	I've never been an intellectual but I have this look.Woody Allen



	
***********************************************************************
This e-mail and any files transmitted with it are intended solely for
the use of the addressee. This e-mail may contain confidential and/or
legally privileged information. Any review, transmission, disclosure,
copying, or any action taken or not taken, by other than the intended
recipient, in reliance on the information, is prohibited. If you
received this e-mail in error, notify the sender and delete this e-mail
(and any accompanying material) from your computer and network. In
addition, please be advised that 21st Century Insurance Group reserves
the right to monitor, access and review all messages, data and images
transmitted through our electronic mail system. By using our e-mail
system, you consent to this monitoring.
*********************************************************************** 




***********************************************************************
This e-mail and any files transmitted with it are intended 
solely for the use of the addressee.  This e-mail may 
contain confidential and/or legally privileged information.  
Any review, transmission, disclosure, copying, or any action 
taken or not taken, by other than the intended recipient, in 
reliance on the information, is prohibited.  If you received 
this e-mail in error, notify the sender and delete this e-mail 
(and any accompanying material) from your computer and
network. In addition, please be advised that 21st Century 
Insurance Group reserves the right to monitor, access and 
review all messages, data and images transmitted through 
our electronic mail system. By using our e-mail system, you 
consent to this monitoring. 
***********************************************************************


Mime
View raw message