commit 19a1c25901e60e00e9f29b95c47d3693255e6ddf Author: David Fifield david@bamsoftware.com Date: Tue Sep 30 22:15:27 2014 -0700
Add "DOSLogDir /dev/null" to the example Apache configuration.
By default, mod_evasive creates a file in /tmp for every blocked client, with a name like dos-<IP address>. I didn't know this was going on, and found 1,659 such files on the facilitator dating back to May 2013. The contents of each file is just a PID, I think.
This configuration option prevents the creation of such files. Blocked IP addresses still turn up, however, in the error.log that is not disabled, in lines that look like [DATE] [error] [client X.X.X.X] client denied by server configuration: /usr/local/bin/facilitator.cgi --- facilitator/examples/fp-facilitator.conf.in | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/facilitator/examples/fp-facilitator.conf.in b/facilitator/examples/fp-facilitator.conf.in index f0e3968..bc86251 100644 --- a/facilitator/examples/fp-facilitator.conf.in +++ b/facilitator/examples/fp-facilitator.conf.in @@ -27,4 +27,7 @@ MaxClients 256
# requires mod_headers Header add Strict-Transport-Security "max-age=15768000" + + # Disable creation of dos-* log files in /tmp. + DOSLogDir /dev/null </VirtualHost>
tor-commits@lists.torproject.org