mod_watchcat 1.0 review
Downloadmod_watchcat is a module developed to provide watchcatd-awareness to the Apache 2 webserver
|
|
mod_watchcat is a module developed to provide watchcatd-awareness to the Apache 2 webserver. This allows a system administrator to set up timeouts for Apache processes, and thus provide protection against badly coded or malicious scripts. mod_watchcat can be configured to kill those resource-consuming processes before the server locks-up.
Enabling mod_watchcat
To enable mod_watchcat, you need to add the following directive to the Apache configuration file:
LoadModule watchcat_module modules/mod_watchcat.so
Configuration directives
There are four directives available for the configuration of mod_watchcat: CatType, CatTimeout, CatOrder and CatLogHandler. They are described below. The mod_watchcat directives are not context-sensitive. This means they can be included anywhere on the Apache configuration, including the .htaccess file. This, however, requires the Options item on the AllowOverride directive.
CatType type handler [ handler...]
This directive creates a new type, which will be used on the other configuration directives for the settings that will affect the specified handlers. The default type is automatically created, and doesn't accept any handlers. It is meant to be a "catch-all" for the handlers not specifically declared.
CatTimeout type timeout
This directive associates a timeout (in seconds) with the specified type. The default timeout (used for the default type) is 60 seconds.
CatOrder type [ type...]
This directive defines the matching order for the list of types specified as a parameter.
CatLogHandler
This directive is used to log the handlers of the requests. It is useful do find out the names of the handlers to be used on the CatType directive.
Configuration Examples
The configuration below defines the type script to contain the application/x-httpd-php, application/x-perl and application/x-cgi handlers. The timeout for this type is then set to 60 seconds. The default timeout (for requests that don't match the the script type is set to 1800 seconds. Finally, the matching order is set so that requests for the script type are handled before those for the default type.
CatType script application/x-httpd-php application/x-perl application/x-cgi
CatTimeout script 60
CatTimeout default 1800
CatOrder script default
The next example sets a timeout of 0 for static page handlers. This means that watchcat will not monitor those requests.
CatType static text/html text/plain
CatType static application/x-httpd-php-source
CatTimeout static 0
CatOrder static default
The example below shows how inheritance works on the configuration of mod_watchcat. The configuration specified for the /home directory inherits the global configuration but uses a different timeout value.
CatType perl application/x-perl application/x-cgi
CatTimeout perl 60
CatTimeout default 1800
CatOrder perl default
< Directory /home >
CatTimeout perl 30
< /Directory >
The next example shows a configuration that will set a timeout for PHP scripts and ignore the other handlers (note that specifying the default handler explicitly is not necessary.)
CatType php application/x-httpd-php
CatTimeout php 90
CatOrder php
This example shows how to disable the timeouts for a given directory.
CatTimeout default 3600
CatOrder default
< Directory /var/www/htdocs >
# Disable timeouts
CatTimeout default 0
< /Directory >
Requirements:
Apache
watchcatd
mod_watchcat 1.0 keywords