[users@httpd] mod_evasive - testing remotely

[Richard Solid <ri...@gmail.com>]

*I have 3 questions here.

1.* I have installed mod_evasive version 1.10.1 on a Cent OS 4.4 server.

I'm using the test.pl script that comes with mod_evasive to test the
configuration and when running the script from the same server mod_Evasive
is installed. The mod_evasive is able to detect the intrusion and block the
IP of the server.

If I use the same test.pl script from an external server the requests come
in and are viewable in the access log but mod_evasive doesnt block the IP of
the external server. Probably is not blocing the ip of the external server
because of latency.

Is there a way to modify the test.pl script to make it more agressive and
get results when testing from an external server?

Here I'm pasting the code of the test.pl script:

#!/usr/bin/perl

# test.pl: small script to test mod_dosevasive's effectiveness

use IO:Socket;
use strict;

for(0..100) {
my($response);
my($SOCKET) = new IO:Socket::INET( Proto => "tcp",
PeerAddr=> "test.domain.tld:80");
if (! defined $SOCKET) { die $!; }
print $SOCKET "GET /?$_ HTTP/1.0\n\n";
$response = <$SOCKET>;
print $response;
close($SOCKET);
}

*2.* Also, I have sendmail installed and on the mod_evasive config I have
email address specified on DOSEmailNotify. When testing from the internal
server with the test.pl script the server is able to block the ip, put in
the hash table but it never sends an email to my email address.

3. Do I have to use mod_evasive with modsecurity? Or can I use modsecurity
by itself?

Any inputs?