--- www/mod_evasive/Makefile +++ www/mod_evasive/Makefile @@ -3,11 +3,8 @@ PORTNAME= mod_evasive PORTVERSION= 1.10.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= www security -MASTER_SITES= http://www.zdziarski.com/blog/wp-content/uploads/2010/02/ -DISTNAME= mod_evasive_${PORTVERSION} -DIST_SUBDIR= apache2 MAINTAINER= kiwi@oav.net COMMENT= Apache module to try to protect the HTTP Server from DoS/DDoS attacks @@ -15,9 +12,11 @@ COMMENT= Apache module to try to protect the HTTP Server from DoS/DDoS attacks LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/LICENSE -WRKSRC= ${WRKDIR}/${PORTNAME} - USES= apache:2.2+ +USE_GITHUB= yes + +GH_ACCOUNT= jzdziarski +GH_TAGNAME= ad6e89f AP_FAST_BUILD= yes AP_GENPLIST= yes MODULENAME= ${PORTNAME}20 --- www/mod_evasive/distinfo +++ www/mod_evasive/distinfo @@ -1,2 +1,3 @@ -SHA256 (apache2/mod_evasive_1.10.1.tar.gz) = 07c45139aa313899484a900f0fc162b3e17eb4f60fe474d7f3dd6c9941e95667 -SIZE (apache2/mod_evasive_1.10.1.tar.gz) = 20454 +TIMESTAMP = 1558714532 +SHA256 (jzdziarski-mod_evasive-1.10.1-ad6e89f_GH0.tar.gz) = cbfe4c34416917f6045473354b05a96d5196f19f304fb31a1030b4eefca5385e +SIZE (jzdziarski-mod_evasive-1.10.1-ad6e89f_GH0.tar.gz) = 20294 --- /dev/null +++ www/mod_evasive/files/patch-test.pl @@ -0,0 +1,11 @@ +--- test.pl.orig 2017-02-22 02:33:36 UTC ++++ test.pl +@@ -10,7 +10,7 @@ for(0..100) { + my($SOCKET) = new IO::Socket::INET( Proto => "tcp", + PeerAddr=> "127.0.0.1:80"); + if (! defined $SOCKET) { die $!; } +- print $SOCKET "GET /?$_ HTTP/1.0\n\n"; ++ print $SOCKET "GET /?$_ HTTP/1.0\r\n\r\n"; + $response = <$SOCKET>; + print $response; + close($SOCKET); --- www/mod_evasive/pkg-descr +++ www/mod_evasive/pkg-descr @@ -1,30 +1,7 @@ mod_dosevasive is an evasive maneuvers module for Apache to provide evasive -action in the event of an HTTP DoS or DDoS attack or brute force attack. -It is also designed to be a detection and network management tool, and can be -easily configured to talk to ipchains, firewalls, routers, and etcetera. +action in the event of an HTTP DoS or DDoS attack or brute force attack. It is +also designed to be a detection and network management tool, and can be easily +configured to talk to ipchains, firewalls, routers, and etcetera. mod_dosevasive presently reports abuses via email and syslog facilities. -Detection is performed by creating an internal dynamic hash table of IP -Addresses and URIs, and denying any single IP address from any of the -following: - - * Requesting the same page more than a few times per second - * Making more than 50 concurrent requests on the same child per second - * Making any requests while temporarily blacklisted (on a blocking list) - -This method has worked well in both single-server script attacks as well as -distributed attacks, but just like other evasive tools, is only as useful to -the point of bandwidth and processor consumption (e.g. the amount of bandwidth -and processor required to receive/process/respond to invalid requests), which -is why it's a good idea to integrate this with your firewalls and routers for -maximum protection. - -This module instantiates for each listener individually, and therefore has a -built-in cleanup mechanism and scaling capabilities. Because of this per-child -design, legitimate requests are never compromised (even from proxies and NAT -addresses) but only scripted attacks. Even a user repeatedly clicking on -'reload' should not be affected unless they do it maliciously. mod_dosevasive -is fully tweakable through the Apache configuration file, easy to incorporate -into your web server, and easy to use. - WWW: https://github.com/jzdziarski/mod_evasive