commit apache2-mod_evasive.3067 for openSUSE:13.1:Update
Hello community,
here is the log from the commit of package apache2-mod_evasive.3067 for openSUSE:13.1:Update checked in at 2014-10-21 08:41:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/apache2-mod_evasive.3067 (Old)
and /work/SRC/openSUSE:13.1:Update/.apache2-mod_evasive.3067.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache2-mod_evasive.3067"
Changes:
--------
New Changes file:
--- /dev/null 2014-09-26 12:09:11.568032006 +0200
+++ /work/SRC/openSUSE:13.1:Update/.apache2-mod_evasive.3067.new/apache2-mod_evasive.changes 2014-10-21 08:41:12.000000000 +0200
@@ -0,0 +1,28 @@
+-------------------------------------------------------------------
+Tue Oct 14 11:56:38 UTC 2014 - pgajdos@suse.com
+
+- fixed module loading [bnc#865567], [bnc#867984]
+
+-------------------------------------------------------------------
+Mon Jan 28 18:47:38 UTC 2013 - dimstar@opensuse.org
+
+- Introduce compatibility with Apache 2.4 (changed API: remote_ip
+ was renamed to client_ip):
+ + apxs2 was moved from %{_sbindir} to %{_bindir}: use "which" to
+ actually find it.
+ + Set apache_branch to $major.$minor, so it can be used for
+ evaluation further down.
+ + set ap_suffix and rename the .so modules to mod_evasive24.so
+ when building for apache 2.4.x API.
+- Fix the requires on apache_mmn: this only worked becuase the
+ Requires was on one line.. but %apache_mmn was always empty.
+
+-------------------------------------------------------------------
+Mon Sep 3 14:54:43 UTC 2012 - jengelh@inai.de
+
+- License clarification in specfile comment
+
+-------------------------------------------------------------------
+Fri Aug 24 20:21:25 UTC 2012 - jengelh@inai.de
+
+- Initial package (version 1.10.1) for build.opensuse.org
New:
----
apache2-mod_evasive.changes
apache2-mod_evasive.spec
mod_evasive.conf
mod_evasive_1.10.1.tar.gz
modev-return.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apache2-mod_evasive.spec ++++++
#
# spec file for package apache2-mod_evasive
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# Package preamble: identity, sources, build dependencies and the macros
# that select which Apache API variant (suffix 24 or suffix 20) is built.
Name: apache2-mod_evasive
Version: 1.10.1
Release: 0
Summary: Denial of Service evasion module for Apache
License: GPL-2.0+
Group: Productivity/Networking/Web/Servers
#
# Only mod_evasive20.c (GPL-2.0+) is provided in object form.
# mod_evasive.c (GPL-2.0) and mod_evasiveNSAPI.c (non-OSI compliant)
# are merely shipped unmodified, fulfilling their terms.
#
Url: http://zdziarski.com/blog/?page_id=442
# NOTE(review): the Source URL is cut off ("...") in this listing; the
# tarball named in the package file list is mod_evasive_1.10.1.tar.gz.
# The URL is plain http and no checksum or signature file appears among
# the package sources, so confirm the tarball's integrity is verified
# some other way before it is trusted.
Source: http://zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_%version.ta...
Source2: mod_evasive.conf
Patch1: modev-return.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: apache2-devel
BuildRequires: apache2-prefork
BuildRequires: curl-devel
BuildRequires: gcc-c++
BuildRequires: pcre-devel
# Ask rpm for the version of the apache2 package installed in the build
# environment and keep only the leading 2.N part of it.
%define apache_branch %(rpm -q --qf %%{version} apache2 | grep -E -o "2\\.[0-9]+")
# A 2.4 build uses suffix 24 and expects apxs2 in the bindir; any other
# result falls back to suffix 20 and the sbindir.
%if "%{apache_branch}" == "2.4"
%define ap_suffix 24
%define apxs %{_bindir}/apxs2
%else
%define ap_suffix 20
%define apxs %{_sbindir}/apxs2
%endif
# Query apxs2 for Apache's module directory and configuration directory.
%define apache_libexecdir %(%apxs -q LIBEXECDIR)
%define apache_sysconfdir %(%apxs -q SYSCONFDIR)
# Run the <LIBEXECDIR>_MMN helper when it exists and is executable and
# use its output as a Requires entry. When the helper is missing the
# macro expands to nothing and the first Requires line below is empty.
# NOTE(review): presumably the output ties the package to the Apache
# module ABI it was built against - confirm that it is non-empty in the
# build log, otherwise the module can be installed next to any apache2.
%define apache_mmn %(MMN=$(%apxs -q LIBEXECDIR)_MMN; test -x $MMN && $MMN)
Requires: %apache_mmn
Requires: apache2
%description
mod_evasive is an evasive maneuvers module for Apache to provide
evasive action in the event of an HTTP DoS or DDoS attack or brute
force attack. It is also designed to be a detection and network
management tool, and can be easily configured to talk to ipchains,
firewalls, routers, and etcetera. mod_evasive presently reports
abuses via email and syslog facilities.
%prep
# Unpack the upstream tarball (top-level directory mod_evasive) and
# apply Patch1, modev-return.diff, with one leading path component
# stripped.
%setup -qn mod_evasive
%patch -P 1 -p1
%build
# Copy the packaged mod_evasive.conf (Source2) into the build directory
# so that it can be edited in place below.
cp -a %{S:2} .
%if %{ap_suffix} == 24
# Apache 2.4 variant: write a renamed copy of mod_evasive20.c in which
# the connection field remote_ip is replaced by its 2.4 name client_ip,
# then compile that copy instead of the original.
sed 's/connection->remote_ip/connection->client_ip/' \
< mod_evasive20.c > mod_evasive%{ap_suffix}.c
# Rename the module symbol in the generated source to evasive24_module.
sed -i 's/evasive20_module/evasive24_module/' mod_evasive%{ap_suffix}.c
# Rewrite every evasive20 reference in the config (LoadModule symbol,
# module file name, IfModule test) so that it names the module that is
# actually built. If the IfModule test did not match the loaded module,
# Apache would skip the enclosed DOS settings without reporting an error.
sed -i 's/evasive20/evasive24/g' mod_evasive.conf
%endif
# Compile the selected source file with apxs2, handing the distribution
# build flags through to the C compiler via -Wc.
%apxs -Wc,"%{optflags}" -c mod_evasive%{ap_suffix}.c
%install
# Stage the module and its configuration file under the build root.
b="%buildroot"
mkdir -p "$b/%apache_libexecdir" "$b/%apache_sysconfdir/conf.d"
# LIBEXECDIR is overridden so that apxs2 installs the module into the
# staged module directory instead of the one it reports by default.
%apxs -i -S LIBEXECDIR="%buildroot/%apache_libexecdir" \
-n mod_evasive%{ap_suffix}.so mod_evasive%{ap_suffix}.la;
cp -a mod_evasive.conf "$b/%apache_sysconfdir/conf.d/";
# The packaged config hard-codes /usr/lib/ in its LoadModule path;
# replace that prefix with this platform's library directory.
# NOTE(review): this assumes the module directory reported by apxs2
# lives under that library directory - confirm, because a LoadModule
# path that does not match the installed file prevents the module
# from loading.
perl -i -pe "s{/usr/lib/}{%_libdir/}g" \
"$b/%apache_sysconfdir/conf.d/mod_evasive.conf";
%files
# Packaged files are owned by root:root and keep the modes they were
# installed with.
%defattr(-,root,root)
%apache_libexecdir/mod_evasive%{ap_suffix}.so
# noreplace: a locally edited mod_evasive.conf is kept on package update,
# so tuned thresholds and a custom DOSLogDir survive, but changed
# defaults from a newer package are not applied automatically.
%config(noreplace) %apache_sysconfdir/conf.d/mod_evasive.conf
# Upstream documentation; test.pl is shipped as a documentation file only.
%doc CHANGELOG LICENSE README test.pl
%changelog
++++++ mod_evasive.conf ++++++
# Load mod_evasive and apply the settings below when it is present.
# NOTE(review): directives inside an IfModule block are skipped without
# an error when the test does not match, so after installation confirm
# that the module is really loaded and that these limits are in effect.
LoadModule evasive20_module /usr/lib/apache2/mod_evasive20.so
<IfModule mod_evasive20.c>
#
# The hash table size defines the number of top-level nodes for each
# child's hash table. Increasing this number will provide faster
# performance by decreasing the number of iterations required to get to
# the record, but consume more memory for table space. You should
# increase this if you have a busy web server. The value you specify
# will automatically be tiered up to the next prime number in the
# primes list (see mod_evasive.c for a list of primes used).
#
DOSHashTableSize 3097
#
# This is the threshold for the number of requests for the same page
# (or URI) per page interval. Once the threshold for that interval has
# been exceeded, the IP address of the client will be added to the
# blocking list.
#
# NOTE(review): blocking is by client IP address, so users who share an
# address (proxy or NAT) are presumably counted together; check that
# this value does not block legitimate clients.
#
DOSPageCount 2
#
# This is the threshold for the total number of requests for any
# object by the same client on the same listener per site interval.
# Once the threshold for that interval has been exceeded, the IP
# address of the client will be added to the blocking list.
#
DOSSiteCount 50
#
# The interval for the page count threshold; defaults to 1 second
# intervals.
#
DOSPageInterval 1
#
# The interval for the site count threshold; defaults to 1 second
# intervals.
#
DOSSiteInterval 1
#
# The blocking period is the amount of time (in seconds) that a client
# will be blocked for if they are added to the blocking list. During
# this time, all subsequent requests from the client will result in a
# 403 (Forbidden) and the timer being reset (e.g. another 10 seconds).
# Since the timer is reset for every subsequent request, it is not
# necessary to have a long blocking period; in the event of a DoS
# attack, this timer will keep getting reset.
#
DOSBlockingPeriod 10
#
# If this value is set, an email will be sent to the address specified
# whenever an IP address becomes blacklisted. A locking mechanism using
# /tmp prevents continuous emails from being sent. See DOSLogDir below
# for the security implications of keeping the lock in /tmp.
#
# NOTE: Requires /bin/mail (provided by mailx)
#
#DOSEmailNotify you@yourdomain.com
#
# If this value is set, the system command specified will be executed
# whenever an IP address becomes blacklisted. This is designed to
# enable system calls to ip filter or other tools. A locking mechanism
# using /tmp prevents continuous system calls. Use %s to denote the IP
# address of the blacklisted IP.
#
# NOTE(review): the command is started from the web server each time an
# address is blacklisted, presumably with the privileges of the Apache
# process. Use a fixed absolute path and give the target account only
# the rights it needs to update the filter.
#
#DOSSystemCommand "su - someuser -c '/sbin/... %s ...'"
#
# Choose an alternative temp directory. By default "/tmp" will be used
# for the locking mechanism, which opens some security issues if your
# system is open to shell users.
#
# http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
#
# In the event you have nonprivileged shell users, you'll want to
# create a directory writable only to the user Apache is running as
# (usually root), then set this in your httpd.conf.
#
# As shipped, DOSLogDir is commented out, so /tmp stays in use until a
# directory is set here. The directory should not be writable by other
# local users.
#
#DOSLogDir "/var/lock/mod_evasive"
#
# You can use whitelists to disable the module for certain ranges of
# IPs. Wildcards can be used on up to the last 3 octets if necessary.
# Multiple DOSWhitelist commands may be used in the configuration.
# Whitelisted addresses are not subject to any of the limits above, so
# keep the ranges as narrow as possible.
#
#DOSWhitelist 127.0.0.1
#DOSWhitelist 192.168.0.*
</IfModule>
++++++ modev-return.diff ++++++
From: Jan Engelhardt