Hi,

I'm currently experimenting with the mod_evasive module for Apache, to protect the server against potential DoS attacks.

Here's what I did so far.

# yum install mod_evasive

Don't touch mod_evasive's default configuration, just restart Apache.

# systemctl restart httpd

The package includes a test.pl script supposed to launch a testing DoS attack. Unfortunately this script doesn't seem to work as expected. Here's the only response I get:

# perl test.pl
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
...

According to the various online tutorials I found, this should look more like:

# perl test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
...
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
...

I tried this on two sandbox machines, one on my LAN, one on a public server, and both times I got the same result.

Any suggestions?

Niki
--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web : http://www.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32

Alexander Dalloz
2017-Jul-09 11:17 UTC
[CentOS] Apache + mod_evasive : problem with test.pl
On 09.07.2017 at 13:06, Nicolas Kovacs wrote:
> I tried this on two sandbox machines, one on my LAN, one on a public
> server, and both times I got the same result.
>
> Any suggestions?
>
> Niki

What does apache log? I guess it logs more than just HTTP status 400.

Alexander

On 09/07/2017 at 13:17, Alexander Dalloz wrote:
> What does apache log? I guess it logs more than just HTTP status 400.

Unfortunately the Apache logs don't tell much.

192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?91 HTTP/1.0" 400 226 "-" "-"
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?92 HTTP/1.0" 400 226 "-" "-"
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?93 HTTP/1.0" 400 226 "-" "-"
192.168.2.5 - - [09/Jul/2017:13:01:27 +0200] "GET /?94 HTTP/1.0" 400 226 "-" "-"

Niki

On 09/07/2017 at 13:17, Alexander Dalloz wrote:
> What does apache log? I guess it logs more than just HTTP status 400.

I wonder if something is wrong with the test.pl script. Here's what I have:

#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;
use strict;

for(0..20) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto => "tcp",
                                      PeerAddr=> "127.0.0.1:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\n\n";
  $response = <$SOCKET>;
  print $response;
  close($SOCKET);
}

With this script (present in /usr/share/doc/mod_evasive-1.10.1/) I get a "HTTP/1.1 400 Bad Request" error back on a standard CentOS installation.

Hmmmm. I'm clueless.

Niki
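
Added example, not part of the thread or of the mod_evasive package: a probe for a server you administer that sends the same numbered requests as test.pl and reports whether the run reached the 200-then-403 pattern the tutorials show or was refused with 400 throughout. HTTP/1.x line endings are CRLF and test.pl sends bare "\n"; that this is what triggers the 400 here is an assumption the thread does not confirm. The function names, verdict labels and Host header are choices made for this sketch.

```python
import socket
from collections import Counter

def build_request(n, host="127.0.0.1"):
    """Numbered request like test.pl's, but CRLF-terminated and with a Host header."""
    return f"GET /?{n} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")

def status_of(line):
    """Status code from a response status line, or None if it is not one."""
    parts = line.split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def probe(host="127.0.0.1", port=80, count=21, timeout=3.0):
    """Send count sequential requests (test.pl sends 21); return the status codes."""
    codes = []
    for n in range(count):
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_request(n, host))
            codes.append(status_of(s.makefile("rb").readline()))
    return codes

def summarize(codes):
    """Classify a run by comparing it with the expected 200 -> 403 transition."""
    counts = Counter(codes)
    first_403 = codes.index(403) if 403 in codes else None
    if codes and counts[400] == len(codes):
        verdict = "rejected"        # every request refused as malformed
    elif first_403 is not None and 200 in codes[:first_403]:
        verdict = "blocked"         # served at first, then forbidden
    elif codes and counts[200] == len(codes):
        verdict = "not-blocked"     # threshold never reached
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "first_403": first_403, "counts": dict(counts)}

if __name__ == "__main__":
    # Run against the local sandbox server, as in the thread.
    print(summarize(probe()))
```

A "rejected" verdict corresponds to the output reported in this thread, and "blocked" to the output the tutorials show.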