Forum

Hiawatha don't ban

Kevin
24 September 2011, 00:04
I'm trying to block people from scanning my site. When i test remote server it doesn't seem to ban. on my local test box it works. same Hiawatha ver. Same config.

# Hiawatha main configuration file
#


# GENERAL SETTINGS
#
ServerId = www-data
ConnectionsTotal = 250
ConnectionsPerIP = 20
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log
ExploitLogfile = /var/log/hiawatha/exploit.log
LogFormat = extended

# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
Port = 80
# Interface = 127.0.0.1
MaxKeepAlive = 120
TimeForRequest = 120,200
MaxRequestSize = 5000
}
#
#Binding {
# Port = 443
# Interface = ::1
# MaxKeepAlive = 30
# TimeForRequest = 3,20
# SSLcertFile = hiawatha.pem
#}


# BANNING SETTINGS
# Deny service to clients who misbehave.
#
BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnFlooding = 30/1:35
#BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes


# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
#CGIhandler = /usr/bin/perl:pl
#CGIhandler = /usr/bin/php-cgi:php
#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
#CGIextension = cgi
#
FastCGIserver {
FastCGIid = PHP5FPM
ConnectTo = 127.0.0.1:9000
Extension = php, php5
SessionTimeout = 30
}


# URL TOOLKIT
# This URL toolkit rule was made for the Banshee PHP framework, which
# can be downloaded from http://www.hiawatha-webserver.org/banshee
#

UrlToolkit {
ToolkitID = wordpress
RequestURI exists Return
Match .* Rewrite /index.php
}


UrlToolkit {
ToolkitID = ban_scanner
Match ^/(phpmyadmin|pma|mysql|setup|install) Ban 600
}

# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners wont find
# your possible vulnerable website.
#
Hostname = 127.0.0.1
WebsiteRoot = /var/www
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
#ErrorHandler = 404:/error.cgi


VirtualHost {
Hostname = ****.***, www.****.***
WebsiteRoot = /home/*****/domain.com
StartFile = index.php
AccessLogfile = /home/****/logs/access.log
ErrorLogfile = /home/****/logs/error.log
TimeForCGI = 10
UseFastCGI = PHP5FPM
UseToolkit = wordpress
UseToolkit = ban_scanner
DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
ErrorHandler = 404:/index.php
PreventCSRF = yes
PreventXSS = yes
DenyBot = ZmEu:/
DenyBot = Toata:/
DenyBot = Baiduspider:/
DenyBot = Baiduspider/2.0:/
DenyBot = Curl:/
DenyBot = Nmap:/
}



Hiawatha version: v7.6
Operating System: Debian 6 32bit
Kevin
6 October 2011, 04:12
Resovled>
Seems the issue was with the rewrite was before the ban toolkit

so moving the toolkits fixed the issue

UseToolkit = wordpress
UseToolkit = ban_scanner

to


UseToolkit = ban_scanner
UseToolkit = wordpress
Hugo Leisink
6 October 2011, 07:12
Good to hear that your problem is solved. Sorry for not responding to your question. I must have missed your post.
This topic has been closed.