Apache + Mod_evasive : Problem With Test.pl
Hi,
I’m currently experimenting with the mod_evasive module for Apache, to protect the server against potential DoS attacks. Here’s what I did so far.
# yum install mod_evasive
Don’t touch mod_evasive’s default configuration, just restart Apache.
# systemctl restart httpd
The package includes a test.pl script supposed to launch a testing DoS
attack. Unfortunately this script doesn’t seem to work as expected. Here’s the only response I get:
# perl test.pl
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
…
According to the various online tutorials I found, this should more look like:
# perl test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
…
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
…
I tried this on two sandbox machine, one on my LAN, one on a public server, and both times I got the same result.
Any suggestions?
Niki
—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Web : http://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
13 thoughts on - Apache + Mod_evasive : Problem With Test.pl
Am 09.07.2017 um 13:06 schrieb Nicolas Kovacs:
What does apache log? I guess it logs more than just HTTP status 400.
Alexander
Le 09/07/2017 à 13:17, Alexander Dalloz a écrit :
Unfortunately the Apache logs don’t tell much.
192.168.2.5 – – [09/Jul/2017:13:01:27 +0200] “GET /?91 HTTP/1.0” 400 226
“-” “-”
192.168.2.5 – – [09/Jul/2017:13:01:27 +0200] “GET /?92 HTTP/1.0” 400 226
“-” “-”
192.168.2.5 – – [09/Jul/2017:13:01:27 +0200] “GET /?93 HTTP/1.0” 400 226
“-” “-”
192.168.2.5 – – [09/Jul/2017:13:01:27 +0200] “GET /?94 HTTP/1.0” 400 226
“-” “-”
Niki
—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Web : http://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
Le 09/07/2017 à 13:17, Alexander Dalloz a écrit :
I wonder if something is wrong with the test.pl script. Here’s what I have:
#!/usr/bin/perl
# test.pl: small script to test mod_dosevasive’s effectiveness
use IO::Socket;
use strict;
for(0..20) {
my($response);
my($SOCKET) = new IO::Socket::INET( Proto => “tcp”,
PeerAddr=> “127.0.0.1:80”);
if (! defined $SOCKET) { die $!; }
print $SOCKET “GET /?$_ HTTP/1.0\n\n”;
$response = <$SOCKET>;
print $response;
close($SOCKET);
}
With this script (present in /usr/share/doc/mod_evasive-1.10.1/) I get a
“HTTP/1.1 400 Bad Request” error back on a standard CentOS installation.
Hmmmm. I’m clueless.
Niki
—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Web : http://www.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
I’ve had the same problem on Ubuntu 16, finally found a solution for me.
Original line:
print $SOCKET “GET /?$_ HTTP/1.0\n\n”;
Re-worked line:
print $SOCKET “GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n”;
Somehow Apache want Host-ip/address from GET requests aswell.
Thanks – I found it wasn’t necessary to add the host but the two sets of \r\n were required to make it work.
Thanks for the tip Mattias. This fixed the problem for me on Amazon Linux as well. Just be careful copy/pasting — the quotation marks need to be straight quotes, not the curly ones presumably converted by this website.
Thanks, modification of Mattias fixed the problem for me.
Jeremy’s comment about upright quotation marks is very important , too.
Hi Mattias,
I found your solution worked for many people. thank you.
But in my case it is saying:
Unrecognized character \xE2; marked by <– HERE after t $SOCKET <– HERE near column 15 at /usr/share/doc/libapache2-mod-evasive/examples/test.pl
If you can provide little help ..
Appreciate in advance:
Gursharan
It is your quotes “…” Don’t copy from website, write the line yourself.
Its problem with ” ”
print $SOCKET “GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n”;
if anyone has found a solution for HTTP/1.1 400 Bad Request problem please contact me
maram_jw@hotmail.com
As suggested by Mattias Bilger, you have to modify original line:
print $SOCKET “GET /?$_ HTTP/1.0\n\n”;
To:
print $SOCKET “GET /?$_ HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n”;
And all will work as expected.
Have you checked your port address? May be you are requesting on different port address.
In my case, it’s the different port address