I am trying to integrate mod_evasive with httpd on centos7. Module is installed and getting loaded by httpd upon restart. However, it is not picking up the parameters specified in /etc/httpd/conf.d/mod_evasive.conf file as specified below.
LoadModule evasive20_module modules/mod_evasive24.so
<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 20
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify [email protected]
DOSLogDir "/var/log/mod_evasive"
</IfModule>
I am testing the performance by one perl script as-
#!/usr/bin/perl
# test.pl: small script to test mod_dosevasive's effectiveness
use IO::Socket;
use strict;
for(0..300) {
my($response);
my($SOCKET) = new IO::Socket::INET( Proto => "tcp",
PeerAddr=> "172.31.19.247:80");
if (! defined $SOCKET) { die $!; }
print $SOCKET "GET /?$_ HTTP/1.0\n\n";
$response = <$SOCKET>;
print $response;
close($SOCKET);
}
Command executed by me is perl test.pl > sample.txt
In sample.txt, I'm getting HTTP/1.1 200 OK for first 120 requests and HTTP/1.1 403 Forbidden for all the remaining requests. But as per my understanding, the configuration set, It should have to start denying beyond 50 requests as specified in DOSSiteCount in mod_evasive.conf file. Am I missing something here?