Bug #1579

closed

1.4.18 + mod_evasive + ipv6

Added by Anonymous over 16 years ago. Updated over 16 years ago.

Status: Fixed
Priority: Normal
Category: mod_evasive
Target version:

Description

Hello,

it seems there is a problem with mod_evasive when using it together with IPv6. I am using a limit of 15 connections per IP. Once I enable IPv6 via "server.use-ipv6" (this is on Linux) I get insanely many 403 errors and a lot of "connection turned away" errors in my log. Note: This happens only after enabling IPv6.
I am running a very high traffic website with over 500 req/s on average.
Reproducing this is probably not easy since you would need a lot of clients with different IP addresses.

I have tested this with 1.5.0 R1922 and it works fine there. I have been searching the ticket db but haven't been able to locate anything or any note if there was indeed something fixed.

Regards,
Jonas Frey


Files

Fix-mod_evasive-IPv6-1579.patch (2.28 KB) 2. try stbuehler, 2008-06-23 19:28

Related issues 1 (0 open, 1 closed)

Related to Bug #2061: mod_evasive + ipv6 does not work (Invalid, 2009-09-01)

Actions #1

Updated by Anonymous over 16 years ago

Followup:

Contrary to my previous post: this is not fixed in 1.5.x. It happens there, too. It just takes more time to be visible but then it's the same.
After all mod_evasive is unusable together with IPv6. This module should be considered broken.

Regards,
Jonas Frey

Actions #2

Updated by stbuehler over 16 years ago

Please test the attached patch if possible, perhaps it gets in before 1.4.20

Actions #3

Updated by Anonymous over 16 years ago

I managed to run into the same problem when enabling mod_evasive. My case should be fairly reproducible (seen in a week or so at least), so I can test the patch soon.

-- naked

Actions #4

Updated by Anonymous over 16 years ago

I tested this patch and the behaviour was similar to what it was before this patch - meaning that once a limit was passed, all new connections seemed to receive the 403 response, not just connections originating from the same IP address.

-- naked

Actions #5

Updated by Anonymous over 16 years ago

I was fearing that perhaps I made a mistake and didn't actually apply the patch or that the binary wouldn't have been updated, but that does not seem to be the case - the error message is:

2008-06-02 19:51:09: (mod_evasive.c.175) ::ffff:1.2.3.4 turned away. Too many connections.

And line 175 in mod_evasive.c is exactly the log_error_write line after applying the patch.

-- naked

Actions #6

Updated by Anonymous over 16 years ago

Accidentally set the need feedback tag, sorry. Also, taking a quick peek at the patch, it looks like the comparison is the wrong way around in the IPv6 case (== vs. !=) - however, I can't confirm this right now.

-- naked

Actions #7

Updated by Anonymous over 16 years ago

I am running lighttpd since 06/24 with Fix-mod_evasive-IPv6-1579.patch without any problem (the patch was applied as I was having the problem with mod_evasive when I enabled IPv6) on ftp.free.fr/ftp.proxad.net.

-- fantec

Actions #8

Updated by stbuehler over 16 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

Fixed in r2222 and r2224 for 1.4 and 1.5
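
The symptom reported in this thread, every client being turned away once one client passes the limit, is what a per-IP counter produces when it compares addresses without checking the address family. The following is an added example (not lighttpd's code and not the attached patch) that assumes that cause and uses a hypothetical `sock_addr` union and helper names; it also shows that a `memcmp()` equality test has to compare against 0, the direction questioned in comment #6.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical address union for this example (name and layout assumed). */
typedef union {
    struct sockaddr     plain;
    struct sockaddr_in  ipv4;
    struct sockaddr_in6 ipv6;
} sock_addr;

/* Assumed faulty check: reads the IPv4 field whatever the family is. On an
 * AF_INET6 socket those bytes hold sin6_flowinfo, not the client address. */
static int same_ip_v4only(const sock_addr *a, const sock_addr *b) {
    return a->ipv4.sin_addr.s_addr == b->ipv4.sin_addr.s_addr;
}

/* Family-aware check: addresses match only when memcmp() returns 0. */
static int same_ip(const sock_addr *a, const sock_addr *b) {
    if (a->plain.sa_family != b->plain.sa_family) return 0;
    if (a->plain.sa_family == AF_INET)
        return a->ipv4.sin_addr.s_addr == b->ipv4.sin_addr.s_addr;
    if (a->plain.sa_family == AF_INET6)
        return memcmp(&a->ipv6.sin6_addr, &b->ipv6.sin6_addr,
                      sizeof(struct in6_addr)) == 0;
    return 0; /* unknown family: never treat as the same client */
}

/* Constructed sample: three distinct clients on an IPv6 listener. Returns
 * how many of them the chosen comparator attributes to the first client. */
int count_for_first(int family_aware) {
    const char *peers[] = { "::ffff:192.0.2.1", "::ffff:192.0.2.2", "2001:db8::7" };
    sock_addr conns[3];
    int count = 0;
    memset(conns, 0, sizeof(conns));
    for (int i = 0; i < 3; i++) {
        conns[i].ipv6.sin6_family = AF_INET6;
        if (inet_pton(AF_INET6, peers[i], &conns[i].ipv6.sin6_addr) != 1) return -1;
        count += family_aware ? same_ip(&conns[i], &conns[0])
                              : same_ip_v4only(&conns[i], &conns[0]);
    }
    return count;
}

int main(void) {
    printf("v4-only: %d, family-aware: %d\n", count_for_first(0), count_for_first(1));
    return 0;
}
```

With the family-blind comparison all three clients count against the first one's limit; with the family-aware comparison only its own connection does.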
