Но смущает вот что: если я запускаю на этой же машине тестовый файл test.pl и пишу там 127.0.0.1, то скрипт отрабатывает нормально, т.е. вторая половина ответов идет как HTTP/1.1 403 Forbidden. Но если запускаю test.pl на другом сервере и указываю адрес своего сервера в коде скрипта, то все запросы возвращаются со статусом 200.
Получается, что mod_evasive не работает? Хочется разобраться, в чём причина.
Система FreeBSD 7.2
Конфиг httpd.conf
# Core server settings. ServerRoot is the base directory for the relative
# LoadModule and Include paths used further down in this file.
ServerRoot "/usr/local"
# Only plain HTTP on port 80 is opened here; any TLS listener would have to
# come from one of the Include'd files, which are not shown.
Listen 80
Timeout 10
# NOTE(review): with KeepAlive Off every request uses its own TCP connection,
# so the two keep-alive values below are inert. It also means a burst of HTTP
# requests is a burst of new connections, which is what the pf
# max-src-conn-rate limit in the firewall ruleset counts.
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
# Dynamically loaded modules. Nearly the whole stock module set is enabled.
# NOTE(review): every loaded module adds attack surface; which of these the
# site really needs cannot be told from this file -- review and unload the
# rest.
LoadModule authn_file_module libexec/apache22/mod_authn_file.so
LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so
LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so
LoadModule authn_default_module libexec/apache22/mod_authn_default.so
LoadModule authn_alias_module libexec/apache22/mod_authn_alias.so
LoadModule authz_host_module libexec/apache22/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache22/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache22/mod_authz_user.so
LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so
LoadModule authz_owner_module libexec/apache22/mod_authz_owner.so
LoadModule authz_default_module libexec/apache22/mod_authz_default.so
LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so
LoadModule file_cache_module libexec/apache22/mod_file_cache.so
LoadModule cache_module libexec/apache22/mod_cache.so
LoadModule disk_cache_module libexec/apache22/mod_disk_cache.so
# NOTE(review): mod_dumpio is a debugging aid that can write request and
# response data to the error log; it is normally not loaded in production.
LoadModule dumpio_module libexec/apache22/mod_dumpio.so
LoadModule include_module libexec/apache22/mod_include.so
LoadModule filter_module libexec/apache22/mod_filter.so
LoadModule charset_lite_module libexec/apache22/mod_charset_lite.so
LoadModule deflate_module libexec/apache22/mod_deflate.so
LoadModule log_config_module libexec/apache22/mod_log_config.so
LoadModule logio_module libexec/apache22/mod_logio.so
LoadModule env_module libexec/apache22/mod_env.so
LoadModule mime_magic_module libexec/apache22/mod_mime_magic.so
LoadModule cern_meta_module libexec/apache22/mod_cern_meta.so
LoadModule expires_module libexec/apache22/mod_expires.so
LoadModule headers_module libexec/apache22/mod_headers.so
LoadModule usertrack_module libexec/apache22/mod_usertrack.so
LoadModule setenvif_module libexec/apache22/mod_setenvif.so
LoadModule version_module libexec/apache22/mod_version.so
LoadModule ssl_module libexec/apache22/mod_ssl.so
LoadModule mime_module libexec/apache22/mod_mime.so
LoadModule dav_module libexec/apache22/mod_dav.so
# NOTE(review): mod_status and mod_info (two lines below) disclose runtime
# and configuration details once a handler is mapped to them. No such handler
# is visible in this file; check the Include'd files and restrict access if
# one exists.
LoadModule status_module libexec/apache22/mod_status.so
LoadModule autoindex_module libexec/apache22/mod_autoindex.so
LoadModule asis_module libexec/apache22/mod_asis.so
LoadModule info_module libexec/apache22/mod_info.so
LoadModule cgi_module libexec/apache22/mod_cgi.so
LoadModule dav_fs_module libexec/apache22/mod_dav_fs.so
LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so
LoadModule negotiation_module libexec/apache22/mod_negotiation.so
LoadModule dir_module libexec/apache22/mod_dir.so
LoadModule imagemap_module libexec/apache22/mod_imagemap.so
LoadModule actions_module libexec/apache22/mod_actions.so
LoadModule speling_module libexec/apache22/mod_speling.so
LoadModule userdir_module libexec/apache22/mod_userdir.so
LoadModule alias_module libexec/apache22/mod_alias.so
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
LoadModule php5_module libexec/apache22/libphp5.so
LoadModule fcgid_module libexec/apache22/mod_fcgid.so
LoadModule dav_svn_module libexec/apache22/mod_dav_svn.so
# authz_svn is loaded, but the /svn location in this file sets no
# AuthzSVNAccessFile, so no per-path rules are applied there.
LoadModule authz_svn_module libexec/apache22/mod_authz_svn.so
LoadModule passenger_module /usr/local/lib/ruby/gems/1.8/gems/passenger-2.2.2/ext/apache2/mod_passenger.so
# The module this post is about; it is configured in the <IfModule> section
# that follows.
LoadModule evasive20_module libexec/apache22/mod_evasive20.so
PassengerRoot /usr/local/lib/ruby/gems/1.8/gems/passenger-2.2.2
PassengerRuby /usr/local/bin/ruby18
# mod_evasive request throttling: a client is answered with 403 after more
# than DOSPageCount hits on one URI within DOSPageInterval seconds, or more
# than DOSSiteCount hits on the whole site within DOSSiteInterval seconds,
# and stays blocked for DOSBlockingPeriod seconds.
# NOTE(review): as far as I know mod_evasive keeps its hash table per Apache
# child process, not shared. With KeepAlive Off each request may land on a
# different child, so a slower remote client can stay under 5 hits per
# 2 seconds in every single child and keep getting 200. Presumably this is
# why the remote test behaves differently from the local one -- confirm by
# lowering the thresholds or reducing the number of children for the test.
# NOTE(review): DOSLogDir is not set, so the module's per-address lock files
# go to its default location (a shared temp directory, as far as I know).
# Point DOSLogDir at a directory writable only by the Apache user.
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600
# NOTE(review): the post reports 403 answers for the test run against
# 127.0.0.1 although that address is whitelisted here -- verify that the
# whitelist is actually honoured by this build.
DOSWhitelist 127.0.0.1
# NOTE(review): if 85.192.147.132 is the remote host test.pl was run from, it
# is exempt and will always get 200 -- TODO confirm which address the remote
# test used.
DOSWhitelist 85.192.147.132
DOSEmailNotify *****@ya.ru
# NOTE(review): this command is executed by the Apache child, i.e. as the
# unprivileged user set with "User www" in this file. pfctl needs root to
# change tables, so the <ddos> table is presumably never updated from here.
# If the hook is wanted, grant exactly this one command through a narrowly
# scoped privilege rule instead of running Apache with more rights.
DOSSystemCommand "pfctl -t ddos -T add %s"
</IfModule>
# Hand .fcgi files to mod_fcgid.
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
</IfModule>
# Worker processes drop to the unprivileged www account on every MPM except
# the NetWare and Windows ones. Anything Apache spawns (CGI, the mod_evasive
# DOSSystemCommand) runs with these credentials.
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User www
Group www
</IfModule>
</IfModule>
ServerAdmin ****@ya.ru
ServerName ****.ru
# NOTE(review): no <Directory "/home/user/www"> section is visible in this
# file, so unless an Include'd file adds one, the document root inherits the
# permissive <Directory /> settings below.
DocumentRoot "/home/user/www"
# Filesystem-wide default.
# NOTE(review): this opens the entire filesystem tree to every client
# (Allow from all) and lets any .htaccess override any directive
# (AllowOverride All). Options is not set, so the Apache 2.2 default applies.
# The usual hardening is default-deny here ("AllowOverride None",
# "Order deny,allow", "Deny from all") plus explicit <Directory> sections
# that allow only the trees that are meant to be served.
<Directory />
AllowOverride All
Order deny,allow
Allow from all
</Directory>
# Stock data directory. It is not the DocumentRoot of this server, so it only
# matters if something maps URLs into it. Indexes enables directory listings.
<Directory "/usr/local/www/apache22/data">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.php index.html index.htm
</IfModule>
# PHP mapping.
# NOTE(review): AddType matches on any extension in the file name, so a name
# such as "x.php.txt" can also be handed to PHP; a <FilesMatch "\.php$"> with
# SetHandler is the stricter form. The .phps mapping serves highlighted PHP
# source to clients -- drop it unless that is intended.
<IfModule mod_php5.c>
DirectoryIndex index.php index.html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
# Never serve .htaccess / .htpasswd style files.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# Error and access logs are piped through rotatelogs.
# NOTE(review): as far as I know mod_evasive reports blacklisted addresses
# through syslog rather than through ErrorLog, so check the system log as
# well when testing whether a client was blocked.
ErrorLog "|/usr/local/sbin/rotatelogs /var/log/httpd-error.log.%Y 5M"
CustomLog "|/usr/local/sbin/rotatelogs /var/log/httpd-access.%Y 5M" combined
LogLevel warn
# Log formats. %h is the peer address and %>s the final status, so the
# 200/403 split seen by the test script can be checked per client address in
# the access log.
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
</IfModule>
# CGI mapping: everything under /cgi-bin/ is executed as a CGI program.
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
# No overrides and no extra options in the CGI directory; it is reachable by
# every client.
<Directory "/usr/local/www/apache22/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig etc/apache22/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
# NOTE(review): the Include'd files are not shown. Virtual hosts and the
# Includes/*.conf snippets can add or override access rules, so the effective
# configuration may differ from what this file alone suggests.
Include etc/apache22/extra/httpd-autoindex.conf
Include etc/apache22/extra/httpd-userdir.conf
Include etc/apache22/extra/httpd-vhosts.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Include etc/apache22/Includes/*.conf
# phpMyAdmin published under /pma/.
# NOTE(review): with "Order Deny,Allow" the Deny rules are evaluated first
# and the Allow rules last, so "Allow from all" cancels "Deny from all" and
# the database admin interface is reachable from any address. Replace
# "Allow from all" with the specific administrator addresses, and serve it
# over TLS only.
Alias /pma/ "/usr/local/www/phpMyAdmin/"
<Directory "/usr/local/www/phpMyAdmin/">
Options none
AllowOverride Limit
Order Deny,Allow
Deny from all
Allow from all
</Directory>
# Subversion repositories over WebDAV, protected by HTTP Basic authentication.
# NOTE(review): Basic credentials are only base64-encoded. This file opens
# plain HTTP on port 80 only, so unless a TLS virtual host is defined in an
# Include'd file the passwords cross the network in clear text.
<location /svn>
DAV svn
# Lists every repository under SVNParentPath to any authenticated user.
SVNListParentPath on
SVNParentPath /home/svn/repos
# Path-based authorization checks are switched off.
SVNPathAuthz off
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /home/svn/svn-auth-file
Require valid-user
# NOTE(review): there is no Order/Deny directive in this section, and with
# the Apache 2.2 default order a host that matches no rule is allowed, so
# this line does not limit access to the two addresses. Add
# "Order deny,allow" and "Deny from all" if that restriction is intended.
Allow from 127.0.0.1 10.10.38.155
</location>
Код: Выделить всё
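# pf ruleset for the same host: NAT for the internal network, a <ddos> block
# table, and per-source connection limits on the web port.
# NOTE(review): the rules reference queues (ftp, ssh, ack) with no altq/queue
# definitions, and proxy_if, proxy_port and <users> are never used, so this
# listing is presumably abbreviated.
ext_if="ng0"
int_if="vr0"
proxy_if="lo0"
proxy_port="3128"
table <users> { 10.10.38.53 10.10.38.155 10.10.38.201 }
# Filled by the "overload" option on the www rule below. The mod_evasive
# DOSSystemCommand hook targets the same table.
table <ddos> persist
scrub in all
nat on $ext_if from $int_if:network to any -> ($ext_if)
# Sources in <ddos> are dropped before any pass rule is considered.
block drop in log quick from <ddos>
pass quick on $int_if proto tcp from any to any port 21 flags S/SA keep state
pass quick on $int_if proto tcp from any to any port > 49151 flags S/SA queue ftp keep state
pass on $int_if proto tcp from any to any port 5522 queue ( ssh, ack ) synproxy state
pass on $ext_if proto tcp from any to any port 5522 queue ( ssh, ack ) synproxy state
# Web port with per-source limits: at most 100 concurrent connections and 15
# new connections per 5 seconds; offenders go into <ddos> and their existing
# states are flushed.
# "quick" is needed here: pf applies the LAST matching rule, and without it
# the catch-all "pass on $ext_if from any to any" at the end matched the same
# packets and created the state, so these limits never took effect.
# NOTE(review): "to $ext_if" is resolved when the ruleset is loaded; if ng0
# gets its address dynamically, "($ext_if)" as in the nat rule is safer --
# confirm.
pass in quick on $ext_if proto tcp to $ext_if port www flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <ddos> flush)
pass on $ext_if proto { tcp, udp } from any to any port 53 keep state
# NOTE(review): the two catch-all rules below pass everything in both
# directions on both interfaces. There is no default "block" rule, so apart
# from <ddos> nothing is filtered; a default-deny policy with explicit pass
# rules for the published services is the usual layout.
pass on $ext_if from any to any keep state
pass on $int_if from any to any keep state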