Mod Ifier

An apache2 module which allows you to filter each incoming HTTP request to your webserver - allowing you to drop Referer-spam, exploit attempts, and more.

Please note: I have recently taken over maintanance of this module in order to add hashdos protection. This is a holding page until a more complete version is ready.

Version 0.9-beta2: hashdos protection

This update is intended to provide apache administrators with a way to limit the number of hashable items in a request. It should therefore provide some protection against hash collision DOS attacks. It is not a "proper" solution - that can only be applied in the programming languages with the vulnerability - but for admins who do not have direct control over the web applications they host it should limit the severity of attacks by rejecting requests with a very large number of (for example) CGI parameters.

More details on the vulnerability: http://cryptanalysis.eu/blog/2011/12/28/effective-dos-attacks-against-web-application-plattforms-hashdos/

Use the new config parameters DropParamLimit, DropHeaderLimit and DropCookieLimit to set the appropriate limits, eg.:

DropParamLimit 1000
DropHeaderLimit 100
DropCookieLimit 50

This version can be dowloaded here: mod-ifier-0.9beta2.tar.gz

I am keen to hear from people using this beta, please send me an email: steve@tagadab.com with any problems.

Version 0.8a

This is a slightly updated version with no new functionality but with some deprecated code brought up to date so that it compiles with more recent versions of apache. It's available here: modifier-0.8a.tar.gz.

Version 0.8

This is the original version by Steve Kemp, unmodified. It is still available at the original location here: modifier-0.8.tar.gz or you can download a copy stored locally. The original site is still available and contains some documentation.