Hi Matthew, 2016-10-31 16:20 GMT+01:00 Matthew Jones <m.jo...@hud.ac.uk>:
> Hello all, first up apologies if this is not the correct place for this > question. If it’s not, then I’d appreciate a nudge in the correct direction. > > > > I’m trying to configure mod_evasive so that it whitelists a number of IP > ranges, in particular our private 10.*.*.* network. I’ve added that range > to the DOSWhitelist but we’re still seeing blacklisting of 10.*.*.* > addresses reported by mod_evasive via email. > as side note mod_evasive is a third party module not included in the httpd official release, so we can try to help but it would be better to follow up with the module's author (even though if I remember correctly the project is not active at the moment). > > > Here is the content of evasive.conf: > > > > <IfModule mod_evasive20.c> > > DOSHashTableSize 6400 > > DOSPageCount 2 > > DOSSiteCount 64 > > DOSPageInterval 1 > > DOSSiteInterval 1 > > DOSBlockingPeriod 60 > > DOSEmailNotify cs-unixsupportt...@hud.ac.uk > > DOSWhitelist 10.*.*.* 172.22.*.* 161.112.232.102 > 161.112.232.103 161.112.232.111 161.112.232.117 161.112.232.221 > 161.112.232.37 > > </IfModule> > > > > We’re using apache 2.4.7 on Ubuntu 14.04.05. Please let me know if there > is any further information which might be of help in diagnosing this. > > > > I know that mod_evasive is active as I say because it’s reporting the > blacklisting of those 10.* IPs, so what am I missing about how to configure > it to whitelist these IP ranges please? > Does the module correctly whitelist the other IPs? Can you try something like: DOSWhitelist 10.*.*.* DOSWhitelist 172.22.*.* ... ... Let me know if anything changes! Luca