mod_watchcat is a module developed to provide watchcatd-awareness to the Apache 2 webserver. This allows a system administrator to set up timeouts for Apache processes, and thus provide protection against badly coded or malicious scripts. mod_watchcat can be configured to kill those resource-consuming processes before the server locks-up.
To enable mod_watchcat, you need to add the following
directive to the Apache configuration file:
LoadModule watchcat_module modules/mod_watchcat.so
There are four directives available for the configuration of mod_watchcat: CatType, CatTimeout, CatOrder and CatLogHandler. They are described below. The mod_watchcat directives are not context-sensitive. This means they can be included anywhere on the Apache configuration, including the .htaccess file. This, however, requires the Options item on the AllowOverride directive.
This directive creates a new type, which will be used on the other configuration directives for the settings that will affect the specified handlers. The default type is automatically created, and doesn't accept any handlers. It is meant to be a "catch-all" for the handlers not specifically declared.
This directive associates a timeout (in seconds) with the specified type. The default timeout (used for the default type) is 60 seconds.
This directive defines the matching order for the list of types specified as a parameter.
This directive is used to log the handlers of the requests. It is useful do find out the names of the handlers to be used on the CatType directive.
This directive allows an alternative path to be set for the watchcatd device, which by default is /var/run/watchcat.socket.
The configuration below defines the type script to contain the application/x-httpd-php, application/x-perl and application/x-cgi handlers. The timeout for this type is then set to 60 seconds. The default timeout (for requests that don't match the the script type is set to 1800 seconds. Finally, the matching order is set so that requests for the script type are handled before those for the default type.
CatType script application/x-httpd-php application/x-perl application/x-cgi CatTimeout script 60 CatTimeout default 1800 CatOrder script default
The next example sets a timeout of 0 for static page handlers. This means that watchcat will not monitor those requests.
CatType static text/html text/plain CatType static application/x-httpd-php-source CatTimeout static 0 CatOrder static default
The example below shows how inheritance works on the configuration of mod_watchcat. The configuration specified for the /home directory inherits the global configuration but uses a different timeout value.
CatType perl application/x-perl application/x-cgi CatTimeout perl 60 CatTimeout default 1800 CatOrder perl default <Directory /home> CatTimeout perl 30 </Directory>
The next example shows a configuration that will set a timeout for PHP scripts and ignore the other handlers (note that specifying the default handler explicitly is not necessary.)
CatType php application/x-httpd-php CatTimeout php 90 CatOrder php
This example shows how to disable the timeouts for a given directory.
CatTimeout default 3600 CatOrder default <Directory /var/www/htdocs> # Disable timeouts CatTimeout default 0 </Directory>
Michel Machado
Andre Nathan
mod_watchcat is licensed under the GNU General Public License (GPL).
Copyright (c) 2004-2014 Digirati.Source tarball: mod_watchcat-1.1.2.tar.gz
mod_watchcat for Debian and Ubuntu is directly available from their respective package repositories as libapache2-mod-watchcat.