#New ADVX macros %define ADVXdir %{_datadir}/ADVX %{expand:%(cat %{ADVXdir}/ADVX-build)} %{expand:%%define apache_version %(rpm -q apache-devel|sed 's/apache-devel-\([0-9].*\)-.*$/\1/')} %{expand:%%define apache_release %(rpm -q apache-devel|sed 's/apache-devel-[0-9].*-\(.*\)$/\1/')} %{expand:%%define mm_major %(mm-config --version|sed 's/MM \([0-9]\)\.\([0-9.].*\) \(.*\)$/\1/')} %{expand:%%define mm_minor %(mm-config --version|sed 's/MM \([0-9]\)\.\([0-9.].*\) \(.*\)$/\2/')} %define mm_version %{mm_major}.%{mm_minor} %define name mod_dosevasive %define version 1.9 %define release 1mdk Summary: Apache DoS Evasive Maneuvers Module Name: %{name} Version: %{version} Release: %{release} Group: System/Servers URL: http://www.networkdweebs.com/stuff/security.html Source0: mod_dosevasive.%{version}.tar.bz2 License: Apache License Prereq: apache = %{apache_version} Prereq: apache-common >= %{apache_version} Prereq: apache-conf >= %{apache_version} Prereq: mm = %{mm_major}.%{mm_minor} BuildRequires: ADVX-build >= 1.2 BuildRequires: apache-devel Provides: ADVXpackage Provides: AP13package BuildRoot: %{_tmppath}/%{name}-root %description A module for Apache 1.3 giving Apache the ability to fend off request-based DoS attacks conserving your system resources and bandwidth. This new tool maintains an internal table of IP addresses and URLs and will deny repeated requests for the same URL from the same IP address, blacklisting the address for 10-seconds per extraneous request. Obviously, this module will not fend off attacks consuming all available bandwidth or more resources than are available to send 403's, but is very successful in typical flood attacks or cgi flood attacks. %prep %setup -q -n mod_dosevasive rm -rf .libs %build %{_sbindir}/apxs -L%{_libdir} -lgdbm -lpthread \ -lm -lcrypt -ldb -lmm -ldl -c mod_dosevasive.c %install [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} mkdir -p $RPM_BUILD_ROOT%{_libdir}/apache-extramodules install -m 755 mod_dosevasive.so $RPM_BUILD_ROOT%{_libdir}/apache-extramodules %pre #Check config file sanity %AP13pre %post if [ $1 = "1" ]; then #We're in Install mode, add module to the config files for config in %{ap_base}/conf/{httpd,httpd-perl}.conf; do if [ -x %{_sbindir}/advxaddmod -a -e $config ]; then %{_sbindir}/advxaddmod $config \ extramodules/mod_dosevasive.so mod_dosevasive.c dosevasive_module \ define=HAVE_DOSEVASIVE fi done %ADVXpost fi if [ $1 -gt 1 ]; then #We're in *upgrade mode*. Since we can't be sure the configuration files #are sane, remove module from the conf files to clean them, re-add again #in a way that the older module we're replacing won't try to erase (the #post scripts were broken on some packages), and finally clean the module #specific config file so it's compatible with the upgrade. for config in %{ap_base}/conf/{httpd,httpd-perl}.conf; do if [ -x %{_sbindir}/advxdelmod -a -e $config ]; then %{_sbindir}/advxdelmod $config \ extramodules/mod_dosevasive.so mod_dosevasive.c dosevasive_module \ define=HAVE_DOSEVASIVE $config fi if [ -x %{_sbindir}/advxaddmod -a -e $config ]; then %{_sbindir}/advxaddmod $config \ extramodules/mod_dosevasive.so mod_dosevasive.c dosevasive_module \ define=HAVE_DOSEVASIVE fi done %ADVXpost fi %postun if [ $1 = "0" ]; then for config in %{ap_base}/conf/{httpd,httpd-perl}.conf; do if [ -x %{_sbindir}/advxdelmod -a -e $config ]; then %{_sbindir}/advxdelmod $config \ extramodules/mod_dosevasive.so mod_dosevasive.c dosevasive_module \ define=HAVE_DOSEVASIVE fi done %ADVXpost fi %clean [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} %files %defattr(-,root,root) %doc README %{_libdir}/apache-extramodules/mod_dosevasive.so %changelog * Sun Nov 09 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.9-1mdk - 1.9 - built for apache 1.3.29 * Tue Sep 16 2003 Jean-Michel Dault <jmdault@mandrakesoft.com> 1.7-2mdk - rebuild with apache 1.3.28 * Sat Aug 23 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.7-1mdk - 1.7 * Thu Feb 13 2003 Jean-Michel Dault <jmdault@mandrakesoft.com> 1.4-2mdk - new macros from ADVX-build * Sat Jan 18 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.4-1mdk - 1.4 - rebuilt against rebuilt buildrequires - follow spec file design as in main * Fri Nov 8 2002 Jean-Michel Dault <jmdault@mandrakesoft.com> 1.3.2-3mdk - Rebuild for Cooker * Fri Nov 8 2002 Jean-Michel Dault <jmdault@mandrakesoft.com> 1.3-2mdk - Rebuild with new apache - Fix module location (that's "apache-extramodules", not just "apache") * Wed Oct 30 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.3-1mdk - new version * Wed Oct 30 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.2-2mdk - don't ship unused patches... * Wed Oct 30 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.2-1mdk - initial cooker contrib