Official mirror howto
See http://www.clamav.net/doc/mirrors/VirtualHost Configuration
For Apache:<VirtualHost 10.1.2.3> ServerAdmin john@clamav.foo.com DocumentRoot /home/users/clamavdb/public_html ServerName database.clamav.net ServerAlias db.*.clamav.net ServerAlias clamav.foo.com </VirtualHost>For Nginx:
server {
listen 10.1.2.3:80;
server_name database.clamav.net ~^db\..*\.clamav\.net clamav.foo.com;
location / {
root /home/users/clamavdb/public_html;
index index.html;
}
}
Bandwidth limit
You are encouraged to put some bandwidth limit on your ClamAV mirror vhost. Many mirror sysadmins running Apache HTTP Server find the Bandwidth Mod useful for this purpose. Here is an example config that will do the following:- Limit .cvd downloads to 40KB/s
- Limit .cdiff downloads to 400KB/s
- Allow max 50 simultaneous connections
- Minimum download speed 20KB/s
<IfModule mod_bw> BandWidthModule On ForceBandWidthModule On LargeFileLimit .cvd 1 40000 LargeFileLimit .cdiff 1 400000 MaxConnection all 50 MinBandwidth all 20000 </IfModule>If run lighttpd und can use the following:
$HTTP["url"] =~ "\.cvd$" {
server.max-connections = 50
connection.kbytes-per-second = 40
}
$HTTP["url"] =~ "\.cdiff$" {
server.max-connections = 50
connection.kbytes-per-second = 400
}
if run Nginx can use the following(without simultaneous connections limit):
if ( $request_uri ~ "\.cvd$" ) {
set $limit_rate 40k;
}
if ( $request_uri ~ "\.cdiff$" ) {
set $limit_rate 400k;
}
Reducing traffic:
BlackList IP addresses of abusers:
We provide a file which lists all the IP addresses that are reported by our mirrors as abusers. The name of the file is local_blacklist_apache and it's written following Apache mod_access syntax. You can easily include it in your .htaccess to automatically blacklist abusers.BlackList old versions of ClamAV:
We kindly ask our mirrors to support as many old versions of ClamAV as possible. However we understand that this can eat a lot of resources and not every mirror can afford it. Hereby we provide some config. examples for various web servers: Apache HTTP Server:SetEnvIfNoCase User-Agent "^clamav/0.6" bad_clamav SetEnvIfNoCase User-Agent "^clamav/0.7" bad_clamav SetEnvIfNoCase User-Agent "^clamav/0.8" bad_clamav
SetEnvIfNoCase User-Agent "^ClamWin/0.6" bad_clamav SetEnvIfNoCase User-Agent "^ClamWin/0.7" bad_clamav SetEnvIfNoCase User-Agent "^ClamWin/0.8" bad_clamav
SetEnvIfNoCase User-Agent "^clamav/devel-0.8" bad_clamav SetEnvIfNoCase User-Agent "^clamav/devel-2004" bad_clamav SetEnvIfNoCase User-Agent "^clamav/devel-2005" bad_clamav SetEnvIfNoCase User-Agent "^clamav/devel-2006" bad_clamav SetEnvIfNoCase User-Agent "^clamav/devel-2007" bad_clamav SetEnvIfNoCase User-Agent "^clamav/devel-2008" bad_clamav
lighttpd:<Location "/"> Order allow,deny Allow from all Deny from env=bad_clamav </Location>
$HTTP["useragent"] =~ "^clam(av|Win)\/(0.[012345678]|.*devel).*$" {
url.access-deny = ( "" )
}
Nginx:
if ( $http_user_agent ~* "^clam(av|win)\/(0\.[0-8]|devel-200[0-8]|devel-0\.[0-8]).*$" ) {
return 404;
}
-- LucaGibelli - 2009-10-12 Topic revision: r9 - 2009-11-14 - 13:52:58 - ZhankaoWEN
Main Web
Create New Topic
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Main |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback