Package: libapache2-mod-evasive
Version: 1.10.1-3
Severity: normal

Dear Maintainer,

  When setting DOSLogDir to a directory writable by www-data,
when mod_evasive blocks an IP, it creates a file for each ip address
named dos-xx.xx.xx.xx, and it logs the block via syslog as well as
sends and email notification if configured to do so, and returns a
403 code for the HTTP request.  This all works correctly the first
time an IP is blocked.  However once the the IP is unblocked (because
it stops sending requests for 10 seconds), the dos-xx.xx.xx.xx file
is not cleaned up, and mod_evasive no longer handles blocks for that
IP correctly.

When the dos-xx.xx.xx.xx file already exists for an IP which is to be
blocked a second/subsequent time, only the 403 return code is
performed, nothing is logged to syslog, and no email notifications
are performed.  If you manually remove the dos-xx.xx.xx.xx file,
mod_evasive will function correctly again (ie. logs/notifies of the
block as well).

The dos-xx.xx.xx.xx file should be cleaned up when mod_evase unblocks
an IP.

-- System Information:
Debian Release: 9.9
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages libapache2-mod-evasive depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.25-3+deb9u7
ii  bsd-mailx [mailx]                   8.1.2-0.20160123cvs-4
ii  libc6                               2.24-11+deb9u4

libapache2-mod-evasive recommends no packages.

libapache2-mod-evasive suggests no packages.

-- Configuration Files:
/etc/apache2/mods-available/evasive.conf changed [not included]

-- no debconf information

Reply via email to