# Apache 2.2.9 mod_evasive does not work

## i0

Hey

I have problem with apache web server and mod_evasive.

mod_evasive just does not work.

/etc/conf.d/apache

```

grep -v "#" /etc/conf.d/apache2 

APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE -D PHP5 -D EVASIVE -D CHROOT"

PIDFILE=/var/run/apache2.pid

```

Apache is using mpm-itk and mod_chroot.

Apache version is 2.2.9-r1

Chroot and ITK is working ok. But not mod_evasive.

No errors on startup. But test.pl gives HTTP/1.1 200 OK all time.

test.pl (not included with mod_evasive gentoo package)

```

#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO::Socket;

use strict;

for(0..100) {

  my($response);

  my($SOCKET) = new IO::Socket::INET( Proto   => "tcp",

                                      PeerAddr=> "127.0.0.1:80");

  if (! defined $SOCKET) { die $!; }

  print $SOCKET "GET /?$_ HTTP/1.0\n\n";

  $response = <$SOCKET>;

  print $response;

  close($SOCKET);

}

```

mod_evasive configuration

```

grep -v "#" /etc/apache2/modules.d/10_mod_evasive.conf 

<IfDefine EVASIVE>

LoadModule evasive_module modules/mod_evasive.so

DOSHashTableSize 3097

DOSPageCount 5

DOSSiteCount 100

DOSPageInterval 2

DOSSiteInterval 2

DOSBlockingPeriod 10

DOSEmailNotify xxxx@xxx.xx

DOSLogDir /var/log/apache2/evasive

</IfDefine>

```

I tested it with apache not in chroot - same result.

Could this be a result of using mpm-itk?

----------

## hanj

Any updates with this? I'm running into the same problem. mod_evasive does not work in chroot environment (provided by mod_security).

Thanks!

hanji

----------

## i0

Hey

I discovered later on that this must be configuration problem.

Open IE on win machine and press F5 several times very fast, eventually you see forbidden message.

But strangely same thing does not work with firefox or with perl script.

----------

## vostorga

Just for the record, mod_security disables in a unknown way mod_evasive.

I have been unable to activate both. mod_evasive works fine without mod_security.

Versions I am using:

www-apache/mod_security-2.7.0

www-apache/mod_evasive-1.10.1

www-servers/apache-2.2.23

----------

