Ticket #1579 (new defect)

Opened 4 months ago

Last modified 2 days ago

1.4.18 + mod_evasive + ipv6

Reported by: anonymous
Assigned to: jan
Priority: normal
Milestone: 1.5.0
Component: mod_evasive
Version: 1.4.19
Severity: major
Keywords: patch
Cc:
Blocking:
Need Feedback: 0

Description

Hello,

it seems there is a problem with mod_evasive when using it together with IPv6. I am using a limit of 15 connections per IP. Once I enable IPv6 via "server.use-ipv6" (this is on Linux) I get insanely many 403 errors and a lot of "connection turned away" errors in my log. Note: This happens only after enabling IPv6. I am running a very high traffic website with over 500 req/s on average. Reproducing this is probably not easy since you would need a lot of clients with different IP addresses.

I have tested this with 1.5.0 R1922 and it works fine there. I have been searching the ticket db but haven't been able to locate anything or any note if there was indeed something fixed.

Regards, Jonas Frey

Attachments

Fix-mod_evasive-IPv6-1579.patch (2.3 kB) - added by stbuehler on 06/23/2008 07:28:09 PM.
2. try

Change History

05/18/2008 03:56:23 PM changed by anonymous

  • version changed from 1.4.18 to 1.4.19.

Followup:

Contrary to my previous post: this is not fixed in 1.5.x. It happens there, too. It just takes more time to be visible but then it's the same. After all, mod_evasive is unusable together with IPv6. This module should be considered broken.

Regards, Jonas Frey

05/20/2008 09:15:06 PM changed by stbuehler

  • keywords changed from ipv6 evasive to patch.

Please test the attached patch if possible, perhaps it gets in before 1.4.20.

06/02/2008 01:24:34 PM changed by naked@iki.fi

I managed to run into the same problem when enabling mod evasive. My case should be fairly reproducible (seen in a week or so at least), so I can test the patch soon.

06/02/2008 04:55:17 PM changed by naked@iki.fi

I tested this patch and the behaviour was similar to what it was before this patch - meaning that once a limit was passed, all new connections seemed to receive the 403 response, not just connections originating from the same IP address.

06/02/2008 05:03:21 PM changed by naked@iki.fi

  • pending set to 1.

I was fearing that perhaps I made a mistake and didn't actually apply the patch or that the binary wouldn't have been updated, but that does not seem to be the case - the error message is:

2008-06-02 19:51:09: (mod_evasive.c.175) ::ffff:1.2.3.4 turned away. Too many connections.

And line 175 in mod_evasive.c is exactly the log_error_write line after applying the patch.

06/02/2008 05:11:54 PM changed by naked@iki.fi

  • pending deleted.

Accidentally set the need feedback tag, sorry. Also, taking a quick peek at the patch, it looks like the comparison is the wrong way around in the IPv6 case (== vs. =!) - however, I can't confirm this right now.

06/23/2008 07:28:09 PM changed by stbuehler

  • attachment Fix-mod_evasive-IPv6-1579.patch added.

2. try

07/03/2008 09:26:09 AM changed by fantec

I am running lighttpd since 06/24 with Fix-mod_evasive-IPv6-1579.patch without any problem (the patch was applied as I was having the problem with mod_evasive when I enabled IPv6) on ftp.free.fr/ftp.proxad.net.
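
The thread above concerns a per-IP connection limit that must compare IPv4 and IPv6 peers correctly. The following is an added illustration, not part of the ticket and not lighttpd's own code, of such a check with a family-aware address comparison; `peer_addr`, `same_client`, `conns_from`, `over_limit` and `make_v6` are hypothetical names, and refusing at `>=` the limit is an assumption.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical address type: one union covering both families. */
typedef union {
    struct sockaddr     plain;
    struct sockaddr_in  ipv4;
    struct sockaddr_in6 ipv6;
} peer_addr;

/* Returns 1 when a and b are the same client IP, 0 otherwise. */
static int same_client(const peer_addr *a, const peer_addr *b) {
    if (a->plain.sa_family != b->plain.sa_family) return 0;
    switch (a->plain.sa_family) {
    case AF_INET:
        return a->ipv4.sin_addr.s_addr == b->ipv4.sin_addr.s_addr;
    case AF_INET6:
        /* memcmp() returns 0 on equality; testing it for non-zero here
         * would treat every *different* IPv6 peer as the same client. */
        return 0 == memcmp(&a->ipv6.sin6_addr, &b->ipv6.sin6_addr,
                           sizeof(struct in6_addr));
    default:
        return 0; /* unknown family: never count it against a peer */
    }
}

/* Counts tracked connections that come from the same IP as `incoming`. */
static size_t conns_from(const peer_addr *conns, size_t n, const peer_addr *incoming) {
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) hits += (size_t)same_client(&conns[i], incoming);
    return hits;
}

/* Returns 1 if the new connection should be refused; max_conns == 0 disables. */
static int over_limit(const peer_addr *conns, size_t n,
                      const peer_addr *incoming, size_t max_conns) {
    return max_conns > 0 && conns_from(conns, n, incoming) >= max_conns;
}

/* Builds an AF_INET6 peer from text; helper for constructed sample data. */
static peer_addr make_v6(const char *text) {
    peer_addr p;
    memset(&p, 0, sizeof(p));
    p.ipv6.sin6_family = AF_INET6;
    inet_pton(AF_INET6, text, &p.ipv6.sin6_addr);
    return p;
}
```

With a correct comparison, only the peer that already holds the maximum number of connections is refused; other IPv6 clients are unaffected.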

