%define name mod_dosevasive %define version 1.10 %define apache_version 1.3.33 %define release 2mdk Summary: Apache DoS Evasive Maneuvers Module Name: %{name} Version: %{version} Release: %{release} Group: System/Servers License: Apache License URL: http://www.nuclearelephant.com/projects/dosevasive/ Source0: http://www.nuclearelephant.com/projects/dosevasive/%{name}_%{version}.tar.bz2 Prereq: apache = %{apache_version} Prereq: apache-common >= %{apache_version} Prereq: apache-conf >= %{apache_version} BuildRequires: apache-devel BuildRoot: %{_tmppath}/%{name}-root %description A module for Apache 1.3 giving Apache the ability to fend off request-based DoS attacks conserving your system resources and bandwidth. This new tool maintains an internal table of IP addresses and URLs and will deny repeated requests for the same URL from the same IP address, blacklisting the address for 10-seconds per extraneous request. Obviously, this module will not fend off attacks consuming all available bandwidth or more resources than are available to send 403's, but is very successful in typical flood attacks or cgi flood attacks. %prep %setup -q -n mod_dosevasive rm -rf .libs %build %{_sbindir}/apxs -L%{_libdir} -lgdbm -lpthread \ -lm -lcrypt -ldb -lmm -ldl -c mod_dosevasive.c %install [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} install -d %{buildroot}%{_libdir}/apache-extramodules install -m0755 mod_dosevasive.so %{buildroot}%{_libdir}/apache-extramodules %pre #Check config file sanity if [ -e %{_sbindir}/ap13chkconfig ]; then %{_sbindir}/ap13chkconfig;fi %post if [ $1 = "1" ]; then #We're in Install mode, add module to the config files for config in %{_sysconfdir}/httpd/conf/{httpd,httpd-perl}.conf; do if [ -x %{_sbindir}/advxaddmod -a -e $config ]; then %{_sbindir}/advxaddmod $config \ extramodules/mod_dosevasive.so mod_dosevasive.c dosevasive_module \ define=HAVE_DOSEVASIVE fi done if [ -e %{_sbindir}/ADVXctl ]; then %{_sbindir}/ADVXctl update;fi fi if [ $1 -gt 1 ]; then #We're in *upgrade mode*. Since we can't be sure the configuration files #are sane, remove module from the conf files to clean them, re-add again #in a way that the older module we're replacing won't try to erase (the #post scripts were broken on some packages), and finally clean the module #specific config file so it's compatible with the upgrade. for config in %{_sysconfdir}/httpd/conf/{httpd,httpd-perl}.conf; do if [ -x %{_sbindir}/advxdelmod -a -e $config ]; then %{_sbindir}/advxdelmod $config \ extramodules/mod_dosevasive.so mod_dosevasive.c dosevasive_module \ define=HAVE_DOSEVASIVE $config fi if [ -x %{_sbindir}/advxaddmod -a -e $config ]; then %{_sbindir}/advxaddmod $config \ extramodules/mod_dosevasive.so mod_dosevasive.c dosevasive_module \ define=HAVE_DOSEVASIVE fi done if [ -e %{_sbindir}/ADVXctl ]; then %{_sbindir}/ADVXctl update;fi fi %postun if [ $1 = "0" ]; then for config in %{_sysconfdir}/httpd/conf/{httpd,httpd-perl}.conf; do if [ -x %{_sbindir}/advxdelmod -a -e $config ]; then %{_sbindir}/advxdelmod $config \ extramodules/mod_dosevasive.so mod_dosevasive.c dosevasive_module \ define=HAVE_DOSEVASIVE fi done if [ -e %{_sbindir}/ADVXctl ]; then %{_sbindir}/ADVXctl update;fi fi %clean [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} %files %defattr(-,root,root) %doc README %attr(0755,root,root) %{_libdir}/apache-extramodules/mod_dosevasive.so %changelog * Tue Feb 15 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 1.10-2mdk - spec file cleanups, remove the ADVX-build stuff * Tue Jan 18 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 1.10-1mdk - 1.10 - cleanups * Sun Nov 21 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 1.9-4mdk - built for apache 1.3.33 * Tue Jul 13 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 1.9-3mdk - remove redundant provides * Thu Jun 10 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 1.9-2mdk - built for apache 1.3.31 * Sun Nov 09 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.9-1mdk - 1.9 - built for apache 1.3.29 * Tue Sep 16 2003 Jean-Michel Dault <jmdault@mandrakesoft.com> 1.7-2mdk - rebuild with apache 1.3.28 * Sat Aug 23 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.7-1mdk - 1.7 * Thu Feb 13 2003 Jean-Michel Dault <jmdault@mandrakesoft.com> 1.4-2mdk - new macros from ADVX-build * Sat Jan 18 2003 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.4-1mdk - 1.4 - rebuilt against rebuilt buildrequires - follow spec file design as in main * Fri Nov 8 2002 Jean-Michel Dault <jmdault@mandrakesoft.com> 1.3.2-3mdk - Rebuild for Cooker * Fri Nov 8 2002 Jean-Michel Dault <jmdault@mandrakesoft.com> 1.3-2mdk - Rebuild with new apache - Fix module location (that's "apache-extramodules", not just "apache") * Wed Oct 30 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.3-1mdk - new version * Wed Oct 30 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.2-2mdk - don't ship unused patches... * Wed Oct 30 2002 Oden Eriksson <oden.eriksson@kvikkjokk.net> 1.2-1mdk - initial cooker contrib