mod_defensible is an Apache 2.x module intended to block spammers/hackers/script kiddies using DNSBL servers. It looks up the client IP in one or several DNSBL servers and, if the address is listed, returns a 403 Forbidden page to the client. This guide shows how to install and use it with Apache 2 on a Debian Etch server.
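The lookup described above, as an added Python sketch of the standard DNSBL query convention (RFC 5782); it is not mod_defensible's own code and is not part of the original guide. The zone dnsbl.example, the sample records and all function names are assumptions made for the illustration, and the IPv6 branch goes beyond what the guide covers.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here (RFC 5782)

def dnsbl_qname(client_ip, zone):
    """Reverse the IPv4 octets (or IPv6 nibbles) and append the DNSBL zone."""
    ip = ipaddress.ip_address(client_ip)  # raises ValueError on malformed input
    labels = str(ip).split(".") if ip.version == 4 else list(ip.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolver(qname):
    """A records for qname via the system resolver; [] if the name does not resolve."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:  # NXDOMAIN and resolver failures alike: this sketch fails open
        return []

def check_client(client_ip, zones, resolve=system_resolver):
    """Return (zone, answer) for every zone that lists client_ip."""
    hits = []
    for zone in zones:
        for answer in resolve(dnsbl_qname(client_ip, zone)):
            # Only 127.0.0.0/8 answers count as a listing; any other address
            # (for example from a wildcarded or expired zone) is ignored.
            if ipaddress.ip_address(answer) in LISTED_NET:
                hits.append((zone, answer))
    return hits

def http_status(client_ip, zones, resolve=system_resolver):
    """403 if any configured DNSBL lists the client, otherwise 200."""
    return 403 if check_client(client_ip, zones, resolve) else 200

# Constructed records standing in for a DNSBL server (hypothetical zone).
FAKE_ZONE = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],      # conventional test entry
    "10.113.0.203.dnsbl.example": ["127.0.0.4"],   # listed client
    "7.2.0.192.dnsbl.example": ["198.51.100.9"],   # answer outside 127/8
}

def fake_resolver(qname):
    return FAKE_ZONE.get(qname, [])

if __name__ == "__main__":
    for ip in ("203.0.113.10", "192.0.2.7", "198.51.100.1", "2001:db8::1"):
        print(ip, dnsbl_qname(ip, "dnsbl.example"),
              http_status(ip, ["dnsbl.example"], fake_resolver))
```

Passing system_resolver instead of fake_resolver sends real queries to whichever zones are supplied.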

Installing Apache2 And mod_defensible

Unfortunately libapache2-mod-defensible is available as a Debian package only for Debian Lenny (testing) and Sid (unstable), but not for Etch. Therefore we will install the libapache2-mod-defensible package from Lenny. To do this, open /etc/apt/sources.list and add the line deb lenny main; your /etc/apt/sources.list could then look like this:

vi /etc/apt/sources.list

deb etch main
deb-src etch main

deb lenny main

deb etch/updates main contrib
deb-src etch/updates main contrib

Of course (in order not to mess up our system), we want to install packages from Lenny only if there’s no appropriate package from Etch – if there are packages from Etch and Lenny, we want to install the one from Etch. To do this, we give packages from Etch a higher priority in /etc/apt/preferences:

vi /etc/apt/preferences

Package: *
Pin: release a=etch
Pin-Priority: 700

Package: *
Pin: release a=lenny
Pin-Priority: 650

(The terms etch and lenny refer to the appropriate terms in /etc/apt/sources.list; if you’re using stable and testing there, you must use stable and testing instead of etch and lenny in /etc/apt/preferences as well.)

Afterwards, we update our packages database:

apt-get update

If you’re getting an error like this:

Segmentation faultsts… 96%

or this one:

E: Dynamic MMap ran out of room

open /etc/apt/apt.conf and add a line for APT::Cache-Limit with a very high value, e.g. like this:

vi /etc/apt/apt.conf

APT::Cache-Limit "100000000";

Then run

apt-get update

again and upgrade the installed packages:

apt-get upgrade

(If you see any questions, you can accept the default values.)

To install Apache2 with mod_defensible, we run:

apt-get install apache2 libapache2-mod-defensible libudns0

Afterwards, enable mod_defensible:

a2enmod defensible

Reload Apache:

/etc/init.d/apache2 force-reload

Post By Editor (2,827 Posts)
