Looking for mod_evasive - availabilty or alternative repo

Support
1

I have several CentOS7 hosts where I run mod_evasive, I get this via the epel repo, but it appears not to be in the epel repo for alma8.

Is there alternative repo? Or an ETA for it to be added to the epel-repo, which I guess is not a question the alma team can directly answer, but any info welcomed.

Thanks.

2

The raven repository has it. The docs say raven-release is in the epel, but I do not see it listed.

You can download and install the raven-release package, and then install mod_evasive.

3

Thanks Joe, got it from the raven repo.
In case others need it here are the steps.

wget https://pkgs.dyn.su/el8/base/x86_64/raven-release-1.0-2.el8.noarch.rpm

Length: 9284 (9.1K) [application/x-redhat-package-manager]
Saving to: ‘raven-release-1.0-2.el8.noarch.rpm’
raven-release-1.0-2.el8.noarch.rpm         100%[=====================================================================================>]   9.07K  --.-KB/s    in 0s

dnf install raven-release-1.0-2.el8.noarch.rpm


dnf repolist | grep raven
raven               Raven's RPM repo for el8-x86_64 - base
raven-modular       Raven's RPM repo for el8-x86_64 - modular packages

Update and install mod_evasive

dnf update
dnf install mod_evasive.x86_64
Installed:
  mod_evasive-1.10.1-33.el8.x86_64
2 Likes
4

Update.
Initially I couldn’t get this working, I tested using the provided test.pl script, after running it I was getting the “Bad Request” shown below, when working correctly it should be “OK” or “403 Forbidden”, also the email to root was not being sent.

Not as expected test.pl output

perl /usr/share/doc/mod_evasive/test.pl
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request

Expected test.pl output

perl /usr/share/doc/mod_evasive/test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

To fix, change the line in test.pl

from this

print $SOCKET "GET /?$_ HTTP/1.0\n\n";

to this

print $SOCKET "GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n";

This fixed it for me, but if you still have issues, check the usual suspects, permissions, logs and selinux.

As side note, there is a school of thought that you shouldn’t use apache modules to do this sort of work, as it not very efficient, it should be done by using IDS/HIDS firewall etc, but for my low volume internal web server it will be fine, but if you have a very busy web server you may want to look at other options.