mod_dosevasive + iptables

The conf of our mod_dosevasive is shown below. Everthing is working great (sends email, taking logs, etc) but we do not know how to use DosSystemCommand, which is needed to ban ips from the iptables. So , what do we have to write for the DosSystemCommand to take this action, and what does chmod of mod_dosevasive20.conf have to be?
thank you for your attention and help.

<IfModule mod_dosevasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 25
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60
DOSEmailNotify mail@mail.com
DOSSystemCommand "su - root -c '/usr/sbin/iptables -I INPUT -s %s -j DROP'"
DOSSystemCommand "echo %s >> /tmp/mod_doesevasive.log"
</IfModule>

whe have apache2.0.48 with suse9,1

 

 

 

 

Top