adlerre/mod_repudiator

mod_repudiator - Reputation-based limiting/blocking of malicious clients

Requirements

Development headers for apache2 and libmaxminddb must be installed; pcre2 headers are optional. Download the ASN database with geoipupdate.

RHEL based

dnf -y install gcc httpd-devel libmaxminddb-devel pcre2-devel redhat-rpm-config

Debian/Ubuntu

apt -y install gcc apache2-dev libmaxminddb-dev libpcre2-dev

Build

apxs -c -lmaxminddb mod_repudiator.c

With pcre2 support

apxs -c -DPCRE2 -lmaxminddb -lpcre2-8 mod_repudiator.c

Debug build

apxs -c -DPCRE2 -DREP_DEBUG -lmaxminddb -lpcre2-8 mod_repudiator.c

Module config

  • RepudiatorEnabled
    Default: false

    Enable module

  • RepudiatorEvilModeEnabled
    Default: false

    Let's get mad!

  • RepudiatorEvilRedirectURL
    Default: NULL

    Redirect the bad boy to this URL

  • RepudiatorEvilAppendURI
    Default: 0

    Append raw URI to redirect URL

  • RepudiatorEvilDelay
    Default: 0

    Number of milliseconds to delay before sending the response.

  • RepudiatorWarnReputation
    Default: -200

    Reputation warning score

  • RepudiatorBlockReputation
    Default: -400

    Reputation blocking score

  • RepudiatorPerIPReputation
    Default: -0.033

    Reputation score per IP address

  • RepudiatorPerNetReputation
    Default: -0.0033

    Reputation score per IP address within network

  • RepudiatorPerASNReputation
    Default: -0.00033

    Reputation score per IP address within ASN block

  • RepudiatorScanTime
    Default: 60

    Scan time in seconds

  • RepudiatorWarnHttpReply
    Default: 429

    HTTP status code if warning score is reached

  • RepudiatorBlockHttpReply
    Default: 403

    HTTP status code if blocking score is reached

  • RepudiatorASNDatabase

    Path to GeoLite2 ASN database

  • RepudiatorIPReputation
    iterable

    Set network-based reputation; the first part is the network and the second is the reputation score.
    Example:
    RepudiatorIPReputation 192.168.0.0/16 1000.0

  • RepudiatorUAReputation
    iterable

    Set UserAgent-based reputation; the first part is a regex and the second is the reputation score.
    Example:
    RepudiatorUAReputation ".*MSIE [1-9].0.*" -400.0

  • RepudiatorURIReputation
    iterable

    Set URI-based reputation; the first part is a regex and the second is the reputation score.
    Example:
    RepudiatorURIReputation ".*\.(env|git|bash(rc|_(history|profile))).*" -1000.0

  • RepudiatorASNReputation
    iterable

    Set ASN-based reputation; the first part is the ASN and the second is the reputation score.
    Example:
    RepudiatorASNReputation 15169 100.0

  • RepudiatorStatusReputation
    iterable

    Set HTTP-Status-based reputation; the first part is the status code and the second is the reputation score.
    Example:
    RepudiatorStatusReputation 404 -1.0
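The example URI rule carries -1000, well past the default block score of -400, so regex rules are worth checking against known-good requests before they are deployed. The following Python check is an added example, not part of mod_repudiator: the sample requests are constructed, the stricter pattern is a hypothetical alternative, and it assumes the module's regex engine treats these patterns as Python's `re` does and that one match applies the full score to a reputation of 0.

```python
import re

BLOCK = -400.0  # RepudiatorBlockReputation default from the README

# (kind, regex, score); these are the README's example rules.
README_RULES = [
    ("uri", r".*\.(env|git|bash(rc|_(history|profile))).*", -1000.0),
    ("ua", r".*MSIE [1-9].0.*", -400.0),
]
# Hypothetical stricter URI rule (not from the project): the dotfile name
# must be a whole path segment, optionally followed by a query string.
STRICT_RULES = [
    ("uri", r"(^|/)\.(env|git|bash(rc|_(history|profile)))([/?]|$)", -1000.0),
    README_RULES[1],
]

# Constructed samples: (kind, value, is_legitimate)
SAMPLES = [
    ("uri", "/.env", False),
    ("uri", "/.git/config", False),
    ("uri", "/home/user/.bash_history", False),
    ("uri", "/index.html", True),
    ("uri", "/docs/.github/workflows/ci.yml", True),
    ("uri", "/static/app.environment.js", True),
    ("ua", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)", False),
    ("ua", "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0", True),
]

def lint(rules, samples, block=BLOCK):
    """Return (false_positives, missed).

    false_positives: (value, score, blocks_on_first_hit) for legitimate
    samples that a rule matches; missed: unwanted samples no rule matches.
    """
    false_positives, missed = [], []
    for kind, value, legit in samples:
        hits = [score for k, rx, score in rules
                if k == kind and re.search(rx, value)]
        if legit:
            # Assumption: one hit applies the full score to a reputation of 0.
            false_positives += [(value, s, s <= block) for s in hits]
        elif not hits:
            missed.append(value)
    return false_positives, missed

if __name__ == "__main__":
    for name, rules in (("README", README_RULES), ("strict", STRICT_RULES)):
        fps, missed = lint(rules, SAMPLES)
        print(name, "false positives:", fps, "missed:", missed)
```

With the README pattern, `.github` and `.environment` paths match because `\.git` and `\.env` are not bounded; the stricter pattern keeps the three probe paths and drops both false positives.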

Let's ban these bad guys

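Install fail2ban and add a custom jail. The logpath below is the RHEL location of the Apache error log; on Debian/Ubuntu it is /var/log/apache2/error.log.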

cp fail2ban/filter.d/apache-mod_repudiator.conf /etc/fail2ban/filter.d/

cat >> /etc/fail2ban/jail.local << EOF
[apache-mod_repudiator]
enabled = true
backend = polling
port    = http,https
filter  = apache-mod_repudiator
logpath = /var/log/httpd/error_log
maxretry = 1
findtime = 120
bantime  = 600
EOF

systemctl restart fail2ban
