mod_evasive not working on Apache 2.4.6 - apache

I am trying to configure mod_evasive for Apache 2.4.6 on CentOS release 7.5.1804. I have a clean install of CentOS with a clean install of Apache that is not serving any pages (just an example index.html saying hello world), and I installed mod_evasive using this tutorial: https://www.digitalocean.com/community/tutorials/how-to-protect-against-dos-and-ddos-with-mod_evasive-for-apache-on-centos-7
Everything works fine, except when I run the testing script, which should send requests to the server and get a 403 error because of mod_evasive. Instead, I am getting 400 Bad Request.
I switched firewalld for iptables, and I have port 80 open; in fact, the example page works fine from a browser. Also, SELinux is set to permissive mode.
Any suggestions?

You will most likely have to change the Perl script (usually saved in /usr/share/doc/libapache2-mod-evasive/examples/test.pl) to make this work, e.g.
Original line:
print $SOCKET "GET /?$_ HTTP/1.0\n\n";
Re-worked line:
print $SOCKET "GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n";
From https://centosfaq.org/centos/apache-mod_evasive-problem-with-testpl/

The issue was not with mod_evasive or its configuration. In my case I had to tweak the configuration of mpm_prefork_module as below to get the mod_evasive configuration to work:
StartServers 10
MinSpareServers 10
MaxSpareServers 10
MaxRequestWorkers 80
MaxConnectionsPerChild 0
Basically, fix the number of servers to a constant by setting StartServers = MinSpareServers = MaxSpareServers = {your_magic_number} and set MaxConnectionsPerChild = 0, so that no new server processes are spawned and no recycling of connections happens, allowing a child to hold infinitely many concurrent connections.
Hope this saves your day!

After a few days, I found that there was an error in the testing script provided with mod_evasive...
I corrected it and found out that the installation was OK.
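Two of the answers above touch the same point from different sides: the test script has to send requests that httpd will even parse, and mod_evasive has to see enough of them in one place. The following is an editor-added model of the module's decision logic, written for this page rather than taken from mod_evasive itself. It mirrors the checks in the module's access handler (a per-IP-and-URI counter governed by DOSPageCount/DOSPageInterval, a per-IP counter governed by DOSSiteCount/DOSSiteInterval, and a block list honoured for DOSBlockingPeriod seconds) and then shows why the prefork tuning mattered: the hit table lives in each httpd child's own memory, so a burst that is spread over many children never trips the threshold in any one of them. The round-robin distribution of connections to children is a constructed approximation; which child wins accept() is up to the kernel.

```python
"""Editor-added model of mod_evasive's decision logic (not the module's own code)."""


class EvasiveChild:
    """One httpd child process with its own private mod_evasive hit table."""

    def __init__(self, page_count=2, page_interval=1, site_count=50,
                 site_interval=1, blocking_period=10, whitelist=()):
        # Defaults are the module's built-in ones; the tutorial the question
        # follows configures DOSPageCount 2 and DOSSiteCount 50 as well.
        self.page_count, self.page_interval = page_count, page_interval
        self.site_count, self.site_interval = site_count, site_interval
        self.blocking_period = blocking_period
        self.whitelist = set(whitelist)
        self.hits = {}      # "ip_uri" or "ip_SITE" -> [count, last_seen]
        self.blocked = {}   # ip -> time of the last hit while blocked

    def _over_limit(self, key, now, limit, interval):
        """Count one hit on key; True if it was already at the limit inside interval."""
        entry = self.hits.get(key)
        if entry is None:
            self.hits[key] = [1, now]
            return False
        count, last = entry
        tripped = now - last < interval and count >= limit
        if now - last >= interval:
            count = 0               # interval elapsed: start counting afresh
        entry[0], entry[1] = count + 1, now
        return tripped

    def handle(self, ip, uri, now):
        """Return the status mod_evasive would give this request: 403 or 200.

        now is an integer timestamp in seconds, like the time(NULL) the module uses.
        """
        if ip in self.whitelist:
            return 200
        last = self.blocked.get(ip)
        if last is not None and now - last < self.blocking_period:
            self.blocked[ip] = now  # every hit while blocked extends the block
            return 403
        # Both counters are updated on every request, as in the module.
        page = self._over_limit(f"{ip}_{uri}", now, self.page_count, self.page_interval)
        site = self._over_limit(f"{ip}_SITE", now, self.site_count, self.site_interval)
        if page or site:
            self.blocked[ip] = now
            return 403
        return 200


def request_burst(n_requests, n_children, ip="203.0.113.5", uri="/", **cfg):
    """Number of 403s when one client sends n_requests to uri within one second.

    Connections are dealt to the prefork children round-robin (constructed
    approximation: the kernel decides which child wins accept()).
    """
    children = [EvasiveChild(**cfg) for _ in range(n_children)]
    statuses = [children[i % n_children].handle(ip, uri, now=0)
                for i in range(n_requests)]
    return statuses.count(403)


if __name__ == "__main__":
    for n in (1, 2, 20):
        print(f"{n:2d} prefork child(ren): {request_burst(20, n)} of 20 requests got 403")
```

With the default DOSPageCount of 2, one child answers 403 from the third request of a burst onwards; with twenty children each one sees a single request and nothing is blocked at all, which is the behaviour the prefork answer worked around by pinning the number of children. Note that a 400 Bad Request from httpd never reaches this logic: the request is rejected before the access handler runs, so a malformed test script cannot exercise the module.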

Related

Apache2 will only serve small files

I just know this is one of those questions where the solution should have been obvious and I'm going to feel like an idiot but I'm stuck.
I've set up a basic apache2 web server under openSUSE Leap 15.1 on my LAN with a single virtual host (for the moment).
If I create a simple HTML file of 255 bytes or less, a browser on another workstation picks it up without problem. If the file is anything larger than 255 bytes, Apache doesn't serve it. The GET request shows up on the server but nothing shows in Firefox; Konqueror at least gives me a "1b Object not found" error.
I should say that running a browser on the server itself shows all these files perfectly well, whether I use 127.0.0.1, localhost or the server name in the URL.
Is this an Apache2 directive I've missed or something else entirely?
After setting LogLevel to trace1 and then hunting around on the web, I came across what appears to be the solution. Set the Apache directive ...
EnableSendfile Off
Apparently Apache is compiled with this set to On and the kernel sendfile doesn't do the job. Not a detailed explanation, I know, but I haven't followed this all the way through; I just needed to get Apache working!

time telnet apache 2.4.33 centOS7

When I run time telnet XX.XX.XX.XX 80 against my Apache 2.4.6 server on CentOS 7, the result is 51 sec.
I managed to lower it with reqtimeout_module using
RequestReadTimeout header=1
RequestReadTimeout body=1
but it's never less than 32 sec. The info I found says this is a known bug in 2.4.6 (if I understand it correctly): 30 sec is hardcoded and can't be changed.
So I updated to 2.4.33, but nothing changed. Is there any way to make this time lower?
You can set AcceptFilter http none inside /etc/httpd/conf/httpd.conf.
By default, on Linux AcceptFilter uses the TCP_DEFER_ACCEPT socket option (from the man page):
TCP_DEFER_ACCEPT (since Linux 2.4)
Allow a listener to be awakened only when data arrives on the socket. Takes an integer value (seconds), this can bound the maximum number of attempts TCP will make to complete the connection. This option should not be used in code intended to be portable.
The default value for that option on CentOS 7 seems to be 30 (see this answer).
Another way to do that is by using apache-module-sockopts:
LoadModule sockopts_module libexec/mod_sockopts.so
AddModule mod_sockopts.c
<IfModule mod_sockopts.c>
# TCP_DEFER_ACCEPT
SoTcpDeferAccept 20
</IfModule>
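What `time telnet` actually measures with the default AcceptFilter is worth seeing on a socket you control. The script below is an editor-added demonstration of TCP_DEFER_ACCEPT, not code from the answer or from httpd. It opens a listening socket on the loopback interface with and without the option and times how long the server's accept() takes to return for a client that sends a request immediately versus one that connects and sends nothing, which is exactly what a telnet session with nothing typed looks like. It is Linux only, since the option name does not exist elsewhere, and it assumes, as the man page's wording about bounding the number of attempts implies, that the kernel eventually hands a silent connection to accept() once the deferral period has run out; the exact delay is the kernel's, not the number you configured, so measure rather than trust it.

```python
"""Editor-added demonstration of TCP_DEFER_ACCEPT, the socket option behind
Apache's default "AcceptFilter http data" on Linux. Not code from the answer.
"""
import socket
import threading
import time
from typing import Optional

LOOPBACK = "127.0.0.1"
SAMPLE_REQUEST = b"GET / HTTP/1.0\r\nHost: localhost\r\n\r\n"


def listener(defer_seconds: int) -> socket.socket:
    """Listening socket on an ephemeral loopback port, deferring accept() if asked."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    if defer_seconds:
        opt = getattr(socket, "TCP_DEFER_ACCEPT", None)
        if opt is None:
            raise RuntimeError("TCP_DEFER_ACCEPT is a Linux-only socket option")
        # The kernel may round this value; measure the effect rather than trust it.
        srv.setsockopt(socket.IPPROTO_TCP, opt, defer_seconds)
    srv.bind((LOOPBACK, 0))
    srv.listen(5)
    return srv


def time_to_accept(defer_seconds: int, payload: Optional[bytes],
                   max_wait: float = 10.0) -> float:
    """Seconds from the client's connect() until the server's accept() returns.

    payload=None models `telnet host 80` with nothing typed; a payload models a
    real request. Returns max_wait if accept() never returned in time.
    """
    srv = listener(defer_seconds)
    srv.settimeout(max_wait)
    port = srv.getsockname()[1]
    result = {}

    def serve():
        started = time.monotonic()
        try:
            conn, _ = srv.accept()
            result["elapsed"] = time.monotonic() - started
            conn.close()
        except socket.timeout:
            result["elapsed"] = max_wait

    worker = threading.Thread(target=serve)
    worker.start()
    # The three-way handshake completes either way: the client sees "Connected".
    client = socket.create_connection((LOOPBACK, port))
    if payload:
        client.sendall(payload)
    worker.join()
    client.close()
    srv.close()
    return result["elapsed"]


if __name__ == "__main__":
    print(f"no deferral, silent client : {time_to_accept(0, None):.2f}s")
    print(f"defer 3s, client sends GET : {time_to_accept(3, SAMPLE_REQUEST):.2f}s")
    print(f"defer 3s, silent client    : {time_to_accept(3, None):.2f}s")
```

A client that sends data is accepted at once regardless of the option; a silent client is only handed to the application after the deferral period. This is why an idle telnet session sits for tens of seconds before httpd's own RequestReadTimeout even starts counting, and why `AcceptFilter http none` removes that first delay. The option is a legitimate defence against connections that never send anything, so turning it off trades a faster `time telnet` result for more work per idle connection in httpd.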

apache requests very slow after using ProxyPass

So I'm running Tomcat (8.0) behind Apache (2.4) on Windows Server 2012 and using ProxyPass to pass through all traffic. Everything works fine, but whenever I do nothing for 60 seconds and then hit the server again, I get an 8-20 second delay, as if Apache is creating a new process to handle the request.
My configuration is pretty much the default that comes with Apache Haus, with the addition of the proxy stuff, which I believe is the culprit:
ProxyPass /static/ !
ProxyPass / http://localhost:8088/
ProxyPassReverse / http://localhost:8088/
I added the /static/ ! exemption to see if the same problem would happen on static files being served, and apparently it does. I further narrowed it down by commenting out all the ProxyPass stuff and verifying that my static file always loads fast. Then I uncommented the ProxyPass stuff and only requested my static file, and it again always returned fast. But once I hit a URL that takes me through the proxy, wait a minute, then hit it again, something goes horribly wrong. Below is network monitor output for two requests: first the static file being requested a second time after a 1-minute delay, before any proxy use; the other after the proxy had been used twice with a delay between the proxy requests.
3501 4:17:48 PM 10/21/2015 104.2752287 httpd.exe HTTP HTTP:Request, GET /static/index.html
3502 4:17:48 PM 10/21/2015 104.2760830 httpd.exe HTTP HTTP:Response, HTTP/1.1, Status: Not modified, URL: /static/index.html
After (8 seconds to return):
24232 4:26:13 PM 10/21/2015 608.7355960 httpd.exe HTTP HTTP:Request, GET /static/index.html
24775 4:26:20 PM 10/21/2015 616.0896861 httpd.exe HTTP HTTP:Response, HTTP/1.1, Status: Not modified, URL: /static/index.html
I'm noticing more of these SynReTransmit lines after it was initially broken; not sure if it's relevant:
24226 4:26:13 PM 10/21/2015 608.7286692 httpd.exe TCP TCP:[SynReTransmit #24107]Flags=......S., SrcPort=61726, DstPort=HTTP(80), PayloadLen=0, Seq=1157444168, Ack=0, Win=8192 ( Negotiating scale factor 0x2 ) = 8192
But basically every call, be it to a static file or over the proxy, if it's been over 60 seconds since the last call, will take forever to get a response!
Any ideas?
UPDATE:
I was running a slightly older version of Apache, 2.4.12, but updating to the latest, 2.4.17, didn't fix it. I've tried all sorts of KeepAlive settings; nothing seems to help. On another forum I was directed to this Apache dev thread, which has a proposed patch for what sounds like a similar issue; guess I'll wait for an Apache update:
http://marc.info/?l=apache-httpd-dev&m=144543644225945&w=2
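The Network Monitor lines in the question contain the two numbers that matter for triage: how long the server took between seeing a request and answering it, and whether the client had to retransmit its SYN before the server answered at all (a SYN retransmit means the first connection attempt went unanswered, which is delay the HTTP timestamps never show). The helper below is editor-added, not part of the question, and works over the frames quoted above, copied here verbatim; the regular expressions assume Network Monitor's default column layout of frame number, time of day, date, seconds since capture start, process, protocol and description.

```python
"""Editor-added triage helper for Microsoft Network Monitor text output.
Pairs HTTP requests with their responses per URL and lists SYN retransmits."""
import re
from collections import defaultdict, deque

# Columns: frame number, time of day, date, seconds since capture start,
# process, protocol, description (assumed default Network Monitor layout).
FRAME_RE = re.compile(
    r"^(?P<frame>\d+)\s+(?P<clock>\d+:\d+:\d+ [AP]M)\s+(?P<date>\S+)\s+"
    r"(?P<offset>\d+\.\d+)\s+(?P<process>\S+)\s+(?P<proto>\S+)\s+(?P<desc>.*)$"
)

# The five frames quoted in the question above.
SAMPLE = "\n".join([
    "3501 4:17:48 PM 10/21/2015 104.2752287 httpd.exe HTTP HTTP:Request, GET /static/index.html",
    "3502 4:17:48 PM 10/21/2015 104.2760830 httpd.exe HTTP HTTP:Response, HTTP/1.1, Status: Not modified, URL: /static/index.html",
    "24226 4:26:13 PM 10/21/2015 608.7286692 httpd.exe TCP TCP:[SynReTransmit #24107]Flags=......S., SrcPort=61726, DstPort=HTTP(80), PayloadLen=0, Seq=1157444168, Ack=0, Win=8192 ( Negotiating scale factor 0x2 ) = 8192",
    "24232 4:26:13 PM 10/21/2015 608.7355960 httpd.exe HTTP HTTP:Request, GET /static/index.html",
    "24775 4:26:20 PM 10/21/2015 616.0896861 httpd.exe HTTP HTTP:Response, HTTP/1.1, Status: Not modified, URL: /static/index.html",
])


def parse_frame(line):
    """Split one trace line into its columns; None for lines that are not frames."""
    m = FRAME_RE.match(line.strip())
    if not m:
        return None
    frame = m.groupdict()
    frame["frame"] = int(frame["frame"])
    frame["offset"] = float(frame["offset"])
    return frame


def request_latencies(lines):
    """[(url, request_offset, seconds_until_response)], pairing each HTTP:Request
    with the next HTTP:Response carrying the same URL (FIFO per URL)."""
    pending = defaultdict(deque)
    out = []
    for line in lines:
        f = parse_frame(line)
        if f is None or f["proto"] != "HTTP":
            continue
        if f["desc"].startswith("HTTP:Request"):
            m = re.search(r"HTTP:Request,\s+\S+\s+(\S+)", f["desc"])
            if m:
                pending[m.group(1)].append(f["offset"])
        elif f["desc"].startswith("HTTP:Response"):
            m = re.search(r"URL:\s*(\S+)", f["desc"])
            if m and pending[m.group(1)]:
                started = pending[m.group(1)].popleft()
                out.append((m.group(1), started, f["offset"] - started))
    return out


def slow_requests(lines, threshold=1.0):
    """(url, latency) for every paired request slower than threshold seconds."""
    return [(url, lat) for url, _, lat in request_latencies(lines) if lat >= threshold]


def syn_retransmits(lines):
    """(frame, retransmitted_frame, offset) for every TCP SYN retransmission."""
    out = []
    for line in lines:
        f = parse_frame(line)
        if f and f["proto"] == "TCP":
            m = re.search(r"\[SynReTransmit #(\d+)\]", f["desc"])
            if m:
                out.append((f["frame"], int(m.group(1)), f["offset"]))
    return out


if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for url, started, lat in request_latencies(lines):
        print(f"{url:<22} at {started:10.4f}s  answered after {lat:.4f}s")
    for frame, orig, off in syn_retransmits(lines):
        print(f"frame {frame} at {off:.4f}s retransmits SYN from frame {orig}")
```

Run over the quoted frames it reports the first request answered in under a millisecond and the second in about 7.35 seconds, with a SYN retransmission logged just before the slow request. On a full capture the same two lists, sorted by offset, show whether the slow responses line up with retransmitted SYNs (a connection-level problem, which is where the AcceptFilter and patch discussions below point) or whether the server is slow to answer requests it has already received.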
Try explicitly tuning ProxyReceiveBufferSize:
# For increased throughput (bytes)
ProxyReceiveBufferSize 2048
In the httpd config, add the following lines:
AcceptFilter http none
AcceptFilter https none
EnableSendfile Off
EnableMMAP off
right after this line:
Listen 80
My response time dropped to less than half, but it is still quite a bit slower than normal.
From https://www.apachelounge.com/viewtopic.php?p=26601
I was using Apache httpd as a reverse proxy and it was drastically slow (2 minutes to load a single web page). But as soon as I changed the hostname to the IP address, it was super fast.
before:
ProxyPass "/home" "http://hostname.domain.com:port/home"
After:
ProxyPass "/home" "http://ip:port/home"
Hope it helps someone.

How to check final Apache HTTPD Server configuration values

I am trying to configure Apache to handle a larger number of requests on Ubuntu 14.04. I have done so by adding the following to /etc/apache2/httpd.conf:
MaxKeepAliveRequests 500
ServerLimit 20
StartServers 2
MaxRequestWorkers 1000
ThreadsPerChild 50
This doesn't seem to be having the desired effect, as I am still receiving the error message "server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers settings".
I would like to confirm that I have set the values correctly and that they are not being overridden anywhere else by checking what values Apache actually has for those settings. Is this possible with Apache?
As it turns out, I missed that httpd.conf is not included/sourced in apache2.conf by default :-/
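The answer is right that the file was never read, and the general check is to establish which files httpd actually reads and in what order, since the last occurrence of a directive wins. Newer 2.4 builds print that list with `apachectl -t -D DUMP_INCLUDES`, and mod_info can show the parsed configuration, but the script below is an editor-added tool, not httpd's own, that does the same walk on any copy of the tree: it follows Include and IncludeOptional (wildcards and directories included), refuses a plain Include that matches nothing just as httpd would, and reports where the effective value of each requested directive comes from. It ignores `<IfModule>` and `<IfDefine>` conditions and per-VirtualHost scope, so read its output as "which files are read, in which order, and which one wins". The `build_demo` function constructs a miniature of the Ubuntu 14.04 layout from the question in a temporary directory; the file names and values in it are assumptions made for the example.

```python
"""Editor-added Apache include resolver (not httpd's own code). Walks
Include/IncludeOptional like httpd and reports last-wins directive values."""
import glob
import os
import re
import tempfile

INCLUDE_RE = re.compile(r"^\s*(Include|IncludeOptional)\s+(\S+)", re.IGNORECASE)
DIRECTIVE_RE = re.compile(r"^\s*([A-Za-z]\w*)\s+(.*?)\s*$")


def _expand(pattern, server_root):
    """Files an Include argument refers to: relative paths are under ServerRoot,
    wildcards are globbed, and a directory means every regular file inside it."""
    path = pattern if os.path.isabs(pattern) else os.path.join(server_root, pattern)
    files = []
    for match in sorted(glob.glob(path)):
        if os.path.isdir(match):
            files.extend(sorted(os.path.join(match, f) for f in os.listdir(match)
                                if os.path.isfile(os.path.join(match, f))))
        else:
            files.append(match)
    return files


def config_files(root_conf, server_root):
    """Every file httpd would read, in reading order, starting from root_conf."""
    order = []

    def visit(path):
        order.append(path)
        with open(path) as fh:
            for line in fh:
                m = INCLUDE_RE.match(line)
                if not m:
                    continue
                found = _expand(m.group(2), server_root)
                if not found and m.group(1).lower() == "include":
                    # httpd 2.4 refuses to start on an Include that matches nothing;
                    # IncludeOptional is the directive that tolerates it.
                    raise FileNotFoundError(f"{path}: Include {m.group(2)} matched nothing")
                for f in found:
                    visit(f)

    visit(root_conf)
    return order


def effective_values(root_conf, server_root, *directives):
    """directive -> (value, file, line) of the last occurrence httpd reads."""
    wanted = {d.lower(): d for d in directives}
    result = {}
    for path in config_files(root_conf, server_root):
        with open(path) as fh:
            for n, line in enumerate(fh, 1):
                m = DIRECTIVE_RE.match(line)
                if m and m.group(1).lower() in wanted:
                    result[wanted[m.group(1).lower()]] = (m.group(2), path, n)
    return result


def build_demo(include_httpd_conf):
    """Constructed miniature of the Ubuntu layout from the question (assumed values).
    Returns (path to apache2.conf, ServerRoot)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "mods-enabled"))
    extra = "Include httpd.conf\n" if include_httpd_conf else ""
    files = {
        "apache2.conf": f'ServerRoot "{root}"\nIncludeOptional mods-enabled/*.conf\n{extra}',
        "mods-enabled/mpm_event.conf": "<IfModule mpm_event_module>\n\tStartServers 2\n"
                                       "\tMaxRequestWorkers 150\n</IfModule>\n",
        "httpd.conf": "MaxKeepAliveRequests 500\nServerLimit 20\nStartServers 2\n"
                      "MaxRequestWorkers 1000\nThreadsPerChild 50\n",
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    return os.path.join(root, "apache2.conf"), root


if __name__ == "__main__":
    for flag in (False, True):
        conf, root = build_demo(include_httpd_conf=flag)
        value, path, line = effective_values(conf, root, "MaxRequestWorkers")["MaxRequestWorkers"]
        print(f"Include httpd.conf={flag}: MaxRequestWorkers {value} from {path}:{line}")
```

Without the Include, httpd.conf never appears in the list and the MPM's own 150 stands; with `Include httpd.conf` placed after the mods-enabled line, the 1000 from httpd.conf is the last value read and wins. On a real box, point it at /etc/apache2/apache2.conf with ServerRoot /etc/apache2, and compare the result with `apachectl -S` and the MPM reported by `apachectl -V` before trusting any raised limit.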

Apache, FastCGI - Error 503

It was pointed out to me that my server is insecure, because anyone could read any file through PHP, even if it was outside their DocumentRoot.
I decided to reconfigure the whole Apache setup and all configuration files for the virtual hosts and installed Mod FastCGI, and I managed to get it running quite nicely; I don't have problems with rights anymore.
But there seems to be another problem. When I try to load more than 3 sites (on different VirtualHosts => different users on different threads), the page loads for a while and then crashes with "Error 503: Service Temporarily Unavailable".
I tried increasing the PHP_FCGI_CHILDREN variable from my default setting for all VirtualHosts, which is 0, to higher numbers, but without luck. I also tried setting the KeepAlive variable in my apache2.conf to Off, as I read in some tutorial, but it seems like nothing helps.
Does anyone know how to resolve this issue? [My Apache error.log and suexec.log are empty.]
Found the answer to my own question. There are a few more settings I overlooked.
FcgidMaxProcesses 15
FcgidFixPathinfo 1
FcgidProcessLifeTime 0
FcgidTimeScore 3
FcgidZombieScanInterval 10
FcgidMaxRequestsPerProcess 0
FcgidMaxRequestLen 33554432
FcgidIOTimeout 60
Those are my settings in apache.conf and everything works as expected.