mTLS and mod_evasive #6

Merged
jsrobinson3 merged 3 commits into main from fineTuning, Feb 24, 2026

jsrobinson3 commented Feb 24, 2026

This PR adds two major features:

  1. mTLS NodePing IP management - CLI commands to fetch, update, and remove NodePing
    monitoring IPs from the mTLS config. (Avoids Insight alerts)
  2. mod_evasive integration - Mode-aware HTTP flood protection that's enabled in blocking
    mode and disabled in DetectionOnly mode.

jsrobinson3 and others added 3 commits February 21, 2026 17:51
mod_evasive was installed with all directives commented out, causing
aggressive defaults (2 req/s per-page) to block legitimate traffic
including localhost internal requests. This adds:

- Tuned evasive.conf template (DOSPageCount 15, DOSSiteCount 60,
  DOSBlockingPeriod 60) with full RFC 1918 whitelist
- Evasive state tied to ModSecurity mode: enabled in blocking (On),
  disabled in DetectionOnly to avoid blocking during WAF tuning
- waf init writes config + toggles module, waf enable/disable toggles
  evasive alongside ModSecurity, waf status shows evasive state
- 18 new unit tests covering config, state toggling, and mode integration

jsrobinson3 changed the title from "Fine tuning" to "mTLS and mod_evasive" Feb 24, 2026
jsrobinson3 merged commit 40ab0b3 into main Feb 24, 2026
2 checks passed
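
An added example, not code from this repository: it renders the tuned directives named in the commit message, audits an existing evasive.conf for settings that would fall back to module defaults, and derives the evasive state from `SecRuleEngine`. The function names, the 127.0.0.1 whitelist entry and the sample config are assumptions.

```python
import re

# Values stated in the commit message; everything else here is an assumption.
TUNED = {"DOSPageCount": "15", "DOSSiteCount": "60", "DOSBlockingPeriod": "60"}

def rfc1918_patterns():
    # DOSWhitelist takes per-octet wildcards, not CIDR, so 172.16.0.0/12
    # expands to sixteen entries. 127.0.0.1 is added for localhost requests.
    return (["127.0.0.1", "10.*.*.*"]
            + [f"172.{n}.*.*" for n in range(16, 32)]
            + ["192.168.*.*"])

def render_evasive_conf():
    lines = [f"{k} {v}" for k, v in TUNED.items()]
    lines += [f"DOSWhitelist {p}" for p in rfc1918_patterns()]
    return "\n".join(lines) + "\n"

def active_directives(conf_text):
    """Collect uncommented DOS* directives; commented lines are ignored."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(DOS\w+)\s+(\S+)", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found

def audit(conf_text):
    """List tuned settings that are absent or different in conf_text."""
    active = active_directives(conf_text)
    missing = [k for k, v in TUNED.items() if active.get(k, [None])[-1] != v]
    wl = set(active.get("DOSWhitelist", []))
    missing += [f"DOSWhitelist {p}" for p in rfc1918_patterns() if p not in wl]
    return missing

def evasive_should_run(modsec_conf_text):
    """Enabled only when the last uncommented SecRuleEngine is On."""
    mode = None
    for line in modsec_conf_text.splitlines():
        m = re.match(r"\s*SecRuleEngine\s+(\S+)", line, re.I)
        if m:
            mode = m.group(1).lower()
    return mode == "on"

# Constructed sample: a config with every directive commented out.
STOCK = "#DOSPageCount 2\n#DOSSiteCount 50\n#DOSBlockingPeriod 10\n"

if __name__ == "__main__":
    print(len(audit(STOCK)), "settings fall back to defaults")
    print(audit(render_evasive_conf()))
    print(evasive_should_run("SecRuleEngine DetectionOnly\n"))
```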