>> That is true. But the idea beneath this, is detecting the atacckers. >> Then, issuing the ip to a text file, which will be read by another >> script that will fed the firewall to block connections. >> Although it should increase the resources being used, it should be >> minimal, as they aren't that expensive. > > > So run the mod_status data and count connections per IP address. This > will be way more reliable than any network-performance criteria, IMHO. >
And then, just make the DoS distributed. You can fill the connections again, without being the same, and taking forever to release a child. Anyways, we can keep discussing that forever. (And this is in the most polite way), my question wasn't about the better way of detecting a DoS... i just want to know where should i put a timeout cheking code. If it is possible to use a kind of filter, or just major tweaking of apache source is needed. I think such a feature should be present in the API, so advanced mod can be made. > Joshua. >
