Commit e3ac80ca authored by ueli heuer's avatar ueli heuer 👾


parent d96e6a57
mod\_honeypot for Apache 2.4
1.0 Scope
This document describes the function, installation and configuration of
the mod\_honeypot loadable module for Apache 2.4.
......@@ -15,11 +16,13 @@ IPv4
addresses. IPv6 requests will \'walk through\' the module
2.0 Function
mod\_honeypot checks the originating IPv4 addresses of incoming requests
against the Project Honeypot DNSBL reference list.
3.0 Requirements
This section describes requirements for the host system and the user
doing the installation.
......@@ -47,6 +50,7 @@ Experience with building and installing Apache 2 loadable modules is
4.0 Function
This section describes the overall functioning of the module and gives
an abbreviated description of how it operates.
......@@ -95,6 +99,7 @@ When a request is received, the module proceeds as follows:
\"Your IP address is on the Project Honeypot offender list.\"
5.0 Installation
This section describes how to compile and install mod\_honeypot.
......@@ -211,37 +216,21 @@ definitions.
00000001 Log URI when blocked
00000002 Log cache turnovers
00000004 Report trace/debug flag bits
00000008 Report offenders under level threshold
00000010 Report offenders over age threshold
00000080 hp\_check\_ipv4\_cache entry
00000100 search cache
00000800 hp\_add\_ipv4\_cache entry
00001000 insert address
00200000 honeypot\_handler entry
00400000 request method processing
00800000 IPv4 cache processing
01000000 DNSBL lookup
02000000 visitor type processing
04000000 threat level processing
08000000 threat age processing
10000000 add IP to accept/reject cache
Use of the execution trace options can result in very large server logs
......@@ -310,9 +299,7 @@ Suspicious, Harvester, Comment Spammer.
0x0001 Suspicious
0x0002 Harvester
0x0004 Comment Spammer
When a request is from an IP with a visitor type, if the visitor type
......@@ -321,6 +308,7 @@ accepted. The visitor type is octet 4 of the DNSBL response. Consult the
Project Honeypot API for specific information about this octet.
7.0 Error Messages
This section describes ordinary error messages which may be logged by
the module.
......@@ -391,6 +379,7 @@ The local resource URI is logged only if the TC\_LOGDEBUG directive is
used and bit 0x1 is set.
8.0 Exceptions
This section describes potential problems.
......@@ -459,11 +448,13 @@ required to get that rate, linear search probably has an effect as noted
above. Your mileage will vary.
9.0 Problem Reports and Feature Requests
Direct problem reports and feature requests through the following email:
ueli-honypot ( a t ) heuer \[ dot \] org
10.0 Credits
The port for apache 2.4 wouldn\'t exist without the work of
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment