yoda icon indicating copy to clipboard operation
yoda copied to clipboard
verified publisher icon UtrechtUniversity

YDA-5984 add mod-evasive to Ubuntu and Alma 9

Open FuHsinyu opened this issue 10 months ago • 0 comments

Added mod-evasive to prevent from large amount of simultaneous Fuzzing requests. Tests have been performed:

  1. Install and overwrite existing mod-evasive config (ubuntu) -> Done
  2. Install mod-evasive in a new and clean VM (ubuntu)-> Done.
  3. Install and overwrite existing mod-evasive config (Alma 9) -> DOing
  4. Install mod-evasive in a new and clean VM (Alma 9)-> Done.

How to test with FFUF fuzzing

  1. Install FFUF fuzzing, and prepare a wordlist.txt (example: download from https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common.txt )
  2. Run with ./ffuf/ffuf -u https://portal.yoda.test/FUZZ -w ./wordlist.txt -of html -o ./outputfile.html -mc 200,204,301,302,307,401,403,308 -rate 60 -t 100 where rate > 50 should cause Sever Denials in Apache LOg.

Update:

  1. Per the discussion within YODA team, the mod_evasive will not be used in production env of yoda. And we'll create new Spike and stories to investigate alternatives.

FuHsinyu avatar Feb 12 '25 06:02 FuHsinyu