Package: libapache2-mod-evasive Version: 1.10.1-3 Severity: normal Dear Maintainer,
When setting DOSLogDir to a directory writable by www-data, when mod_evasive blocks an IP, it creates a file for each ip address named dos-xx.xx.xx.xx, and it logs the block via syslog as well as sends and email notification if configured to do so, and returns a 403 code for the HTTP request. This all works correctly the first time an IP is blocked. However once the the IP is unblocked (because it stops sending requests for 10 seconds), the dos-xx.xx.xx.xx file is not cleaned up, and mod_evasive no longer handles blocks for that IP correctly. When the dos-xx.xx.xx.xx file already exists for an IP which is to be blocked a second/subsequent time, only the 403 return code is performed, nothing is logged to syslog, and no email notifications are performed. If you manually remove the dos-xx.xx.xx.xx file, mod_evasive will function correctly again (ie. logs/notifies of the block as well). The dos-xx.xx.xx.xx file should be cleaned up when mod_evase unblocks an IP. -- System Information: Debian Release: 9.9 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-9-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages libapache2-mod-evasive depends on: ii apache2-bin [apache2-api-20120211] 2.4.25-3+deb9u7 ii bsd-mailx [mailx] 8.1.2-0.20160123cvs-4 ii libc6 2.24-11+deb9u4 libapache2-mod-evasive recommends no packages. libapache2-mod-evasive suggests no packages. -- Configuration Files: /etc/apache2/mods-available/evasive.conf changed [not included] -- no debconf information