Hi Jonathan,
is it possible to add mod_qos to CSF?
Regards,
Sergio
Add mod_qos to CSF
Re: Add mod_qos to CSF
Do you mean the tos (Type of Service) option in iptables, or something else?
Code: Select all
iptables -m tos -hRe: Add mod_qos to CSF
Hi Jonathan,
I am referring to the new apache option called "mod_QoS" (quality of service) it is kind of new. I have been working with it for a few days and I like it.
What it does is to check what IPs are iddle and discard them, I like it and could be a nice addition to CSF.
Regards,
Sergio
I am referring to the new apache option called "mod_QoS" (quality of service) it is kind of new. I have been working with it for a few days and I like it.
What it does is to check what IPs are iddle and discard them, I like it and could be a nice addition to CSF.
Regards,
Sergio
Re: Add mod_qos to CSF
I don't really see how csf would have anything to do with it - what log lines are you thinking csf should scan to block IP addresses from?
Re: Add mod_qos to CSF
Mod_qos checks for IPs that are doing nothing on the server, just wasting a connection slot, look at an example of few IPs on my server today, errors are in the apache error log:
The first list of blocked IPs looked very suspicious to me, this could be blocked automatically by CSF in my server:
Regards,
Sergio
The first list of blocked IPs looked very suspicious to me, this could be blocked automatically by CSF in my server:
Or this other blocks from IPs trying to laid in my server with nothing to do:[Thu Oct 13 16:43:16 2011] [error] [client 94.25.192.198 (Russia)] mod_qos(045): access denied, invalid request line: can't parse uri, c=94.25.192.198, id=TpdbdK6E8RIAAG3VUF8AAAAE
[Thu Oct 13 16:43:19 2011] [error] [client 46.118.40.130 (Ukraine)] mod_qos(045): access denied, invalid request line: can't parse uri, c=46.118.40.130, id=Tpdbd66E8RIAAGq2vkwAAAAD
[Thu Oct 13 16:43:22 2011] [error] [client 95.220.249.74 (Russia)] mod_qos(045): access denied, invalid request line: can't parse uri, c=95.220.249.74, id=Tpdbeq6E8RIAAGxWKVgAAAAC
[Thu Oct 13 16:43:26 2011] [error] [client 95.220.249.74 (Russia)] mod_qos(045): access denied, invalid request line: can't parse uri, c=95.220.249.74, id=Tpdbfq6E8RIAAG3OTUgAAAAA
[Thu Oct 13 16:43:34 2011] [error] [client 109.225.15.90 (Russia)] mod_qos(045): access denied, invalid request line: can't parse uri, c=109.225.15.90, id=Tpdbhq6E8RIAAG3OTUoAAAAA
[Thu Oct 13 16:43:36 2011] [error] [client 109.225.15.90 (Russia)] mod_qos(045): access denied, invalid request line: can't parse uri, c=109.225.15.90, id=TpdbiK6E8RIAAG7wYOsAAAAG
[Thu Oct 13 16:48:14 2011] [error] [client 77.191.188.33 (Germany)] mod_qos(045): access denied, invalid request line: can't parse uri, c=77.191.188.33, id=Tpdcnq6E8RIAAHl9hikAAAAO
[Thu Oct 13 16:57:30 2011] [error] [client 77.191.188.33 (Germany)] mod_qos(045): access denied, invalid request line: can't parse uri, c=77.191.188.33, id=Tpdeya6E8RIAAAve8MUAAAAG
[Thu Oct 13 16:58:21 2011] [error] [client 213.5.217.111 (Russia)] mod_qos(045): access denied, invalid request line: can't parse uri, c=213.5.217.111, id=Tpde-K6E8RIAAArfyWsAAAAT
The IPs could be blocked just in case it is a denial of service in the form of a "SlowLoris" attack.[Thu Oct 13 20:24:39 2011] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=166, this connection=0, c=190.114.144.162 (Argentine)
[Thu Oct 13 20:29:09 2011] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=178, this connection=0, c=190.225.220.97 (Argentine)
[Thu Oct 13 20:29:12 2011] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=174, this connection=0, c=190.225.220.97 (Argentine)
[Thu Oct 13 20:38:50 2011] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=178, this connection=0, c=190.127.237.139 (Colombia)
[Thu Oct 13 21:10:21 2011] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=230, this connection=0, c=190.179.172.185 (Argentine)
[Thu Oct 13 21:25:03 2011] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=178, this connection=0, c=66.87.71.191 (USA)
[Thu Oct 13 21:25:15 2011] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=178, this connection=0, c=66.87.71.191 (USA)
[Thu Oct 13 21:25:26 2011] [error] mod_qos(034): access denied, QS_SrvMinDataRate rule (in): min=198, this connection=0, c=66.87.71.191 (USA)
Regards,
Sergio
Re: Add mod_qos to CSF
Thank you Chirpy, I see that finally it was added to CSF, appreciated.
Sergio
Sergio
-
craigedmonds
- Junior Member
- Posts: 21
- Joined: 21 Dec 2010, 09:24
Re: Add mod_qos to CSF
Sergio, how do you get your logs to display the country name after the ip?[Thu Oct 13 16:43:16 2011] [error] [client 94.25.192.198 (Russia)] mod_qos(045): access denied, invalid request line: can't parse uri, c=94.25.192.198, id=TpdbdK6E8RIAAG3VUF8AAAAE
Mine just says... [Wed Dec 18 09:46:49 2013] [error] [client 78.175.166.177] mod_qos(045): access denied, invalid request line: can't parse uri, c=78.175.166.177, id=UrFvCW1LpMgAAF8qHLUAAAKI
Re: Add mod_qos to CSF
Hi Craigedmonds,craigedmonds wrote:Sergio, how do you get your logs to display the country name after the ip?[Thu Oct 13 16:43:16 2011] [error] [client 94.25.192.198 (Russia)] mod_qos(045): access denied, invalid request line: can't parse uri, c=94.25.192.198, id=TpdbdK6E8RIAAG3VUF8AAAAE
Mine just says... [Wed Dec 18 09:46:49 2013] [error] [client 78.175.166.177] mod_qos(045): access denied, invalid request line: can't parse uri, c=78.175.166.177, id=UrFvCW1LpMgAAF8qHLUAAAKI
I haven't done anything to CSF, it already displays the country name if your server is using geolite as part of the CSF script.
Sergio
-
craigedmonds
- Junior Member
- Posts: 21
- Joined: 21 Dec 2010, 09:24
Re: Add mod_qos to CSF
Oh thats cool. How do I enable that in CSF.Hi Craigedmonds,
I haven't done anything to CSF, it already displays the country name if your server is using geolite as part of the CSF script.
Sergio
I can see geolite blocking under Country Code Lists and Settings but not any way to make it display the country in the logs.