Results 1 to 13 of 13

Thread: mod_dosevasive

  1. #1
    Join Date
    Mar 2005
    Posts
    196

    mod_dosevasive

    mod_dosevasive is blocking some gallery pictures loading, it gives sometimes 403 errors. How can that be fixed?

    My current setting are:

    <IfModule mod_dosevasive.c>
    DOSHashTableSize 3097
    DOSPageCount 5
    DOSSiteCount 100
    DOSPageInterval 2
    DOSSiteInterval 2
    DOSBlockingPeriod 600
    </IfModule>

  2. #2
    Join Date
    Apr 2004
    Location
    San Jose
    Posts
    902
    Can you show the log entry from /var/log/messages*

    That should tell you why it's being blocked.

    I just saw someone with vBulletin getting blocks when there are two redirects to the same page after a posting. That triggered mod_dosevasive when they come to the same child. (KeepAlive made sure of that.)
    Specializing in MySQL and website tuning for high traffic sites. cmwsci.com/

  3. #3
    Join Date
    Mar 2005
    Posts
    196
    Originally posted by sailorFred
    Can you show the log entry from /var/log/messages*

    That should tell you why it's being blocked.

    I just saw someone with vBulletin getting blocks when there are two redirects to the same page after a posting. That triggered mod_dosevasive when they come to the same child. (KeepAlive made sure of that.)
    imagedestroy(): supplied argument is not a valid Image resource in xxxxxxxxxxxxxxxxxxxxx

    [Fri Oct 21 12:46:38 2005] [error] [client xxxxxxx] client denied by server configuration: /home/xxxxxx/public_html/xxxx/index.php
    [Fri Oct 21 12:46:38 2005] [error] [client xxxxxxxx] File does not exist: /home/xxxxxx/public_html/403.shtml

  4. #4
    Join Date
    Mar 2005
    Posts
    196
    By the way, always 20 first loaded pictures appear.

  5. #5
    Join Date
    Apr 2004
    Location
    San Jose
    Posts
    902
    Here's a page describing what the settings mean:

    http://www.theserverpages.com/20303/22/

    If you're supplying pictures for galleries, you probably want to increase your DOSSiteCount to something that's reasonable for the number of pictures on a page. You're showing 100 already, which seems enough.

    You have restarted Apache, I presume, to get the new values?
    Specializing in MySQL and website tuning for high traffic sites. cmwsci.com/

  6. #6
    Join Date
    Mar 2005
    Posts
    196
    Originally posted by sailorFred
    Here's a page describing what the settings mean:

    http://www.theserverpages.com/20303/22/

    If you're supplying pictures for galleries, you probably want to increase your DOSSiteCount to something that's reasonable for the number of pictures on a page. You're showing 100 already, which seems enough.

    You have restarted Apache, I presume, to get the new values?
    Well I have restarted Apache but pictures still stop loading on 20

  7. #7
    Join Date
    Apr 2004
    Location
    San Jose
    Posts
    902
    Try disabling mod_dosevasive to verify that this is problem. It might be the bandwidth limiter, or something similar.
    Specializing in MySQL and website tuning for high traffic sites. cmwsci.com/

  8. #8
    Join Date
    Jan 2005
    Posts
    2,203
    Same problem on my forums when the browsers opens many connections to download the images, mod_dosevasive was the culprit. After I removed, it no more 403 errors.

  9. #9
    Join Date
    Mar 2005
    Posts
    196
    Originally posted by ANewDay
    Same problem on my forums when the browsers opens many connections to download the images, mod_dosevasive was the culprit. After I removed, it no more 403 errors.
    Do you use anything else for blocking DoS attacks?
    And how can it be removed safely?

  10. #10
    Join Date
    Apr 2004
    Posts
    44
    Originally posted by sailorFred
    Can you show the log entry from /var/log/messages*

    That should tell you why it's being blocked.

    I just saw someone with vBulletin getting blocks when there are two redirects to the same page after a posting. That triggered mod_dosevasive when they come to the same child. (KeepAlive made sure of that.)
    We've been having that EXACT problem with vbulletin!

    Any solutions?

    For now, we've loosened dosevasive with:
    <IfModule mod_dosevasive.c>
    DOSHashTableSize 3097
    DOSPageCount 15
    DOSSiteCount 100
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 2
    </IfModule>

    Don't know if that'll work yet, till we get complaints. Also don't know if that's enough protection against dos.

  11. #11
    Join Date
    Apr 2004
    Location
    San Jose
    Posts
    902
    I upped the DOSPageCount to 4. No complaints since then.
    Specializing in MySQL and website tuning for high traffic sites. cmwsci.com/

  12. #12
    Join Date
    Apr 2004
    Posts
    44
    Originally posted by sailorFred
    I upped the DOSPageCount to 4. No complaints since then.
    Really? I thought the default was 5? That was mentioned in the forums here.

    I guess I'll have to try 5 and see. I'd like it as low as possible w/o messing everything up for real users.

    Thanks for letting me know!

  13. #13
    Join Date
    Apr 2004
    Location
    San Jose
    Posts
    902
    The behavior I saw from the default CPanel installation is 2, as it is documented at www.theserverpages.com/20303/22/
    Specializing in MySQL and website tuning for high traffic sites. cmwsci.com/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •