There’s a new version of mod_security that has just been released. Here are the details:
APF antidos
With a wide range of experience in dealing with issues and problems caused either directly or indirectly by APF, I’ve come to the conclusion that the antidos (AD) feature of APF is much more trouble than it is worth. With it enabled, it’s apparent that the iptables rules can very quickly become dangerously full. This can lead to at least two issues:
- Ethernet traffic is slowed down due to the large number of lookup checks required
- A server can be rendered unbootable
That last point is the most dangerous. I’ve seen several servers with around 1000 IP addresses in the firewall preventing a server from booting. IIRC, this happens because APF is taking so long to load up the iptables rules, the boot sequence basically stalls and goes no further.Details on disabling antidos if you have it enabled follow…Steps to disable AD:
- Edit /etc/apf/conf.apf and set: USE_AD=”0″
- Empty out the AD rules: cat /dev/null > /etc/apf/ad/ad.rules
- Restart APF: apf -r
- Remove the root crontab entry that mentions antidos, also check /etc/crontab
- Make sure that antidos isn’t still running in cron: killall -9 antidos