On Wed, 18 Jun 2008, Plüm, Rüdiger, VF-Group wrote:
I would like to propose to merge (or rather, add) mod_limitipconn
(http://dominia.org/djao/limitipconn2.html, changelog at
http://dominia.org/djao/limit/ChangeLog) into httpd.
Have you (or anyone) compared this to other modules in/around
this space, such as mod_evasive and mod_cband?
Nopes, mod_limitipconn was recommended waay back and has worked since
(modulo my patches to get it to play well with mod_cache, included in
the latest version).
mod_evasive seems to be a more elaborate DoS-thingie, and mod_cband
seems to be a bandwidth limit thingie. None of them seems to have the
same function as mod_limitipconn, although I suspect that they base
their decisions on similar primitives.
I agree. I use it as well, but I found that it had some shortcomings
in the features (e.g. being not able to limit the number of clients
from one IP in the READ_STATE, so clients that sent no full initial
HTTP request line on systems without a HTTP accept filter like on BSD).
and needed some optimizations. But I have these patches at hand and
I can contribute them once the module is integrated.
Sounds good.
The author (David Jao, also CC:d) would be glad to contribute it,
provided that it is of interest for the httpd community.
Since David isn't a regular on this list, maintenance is an issue.
Would you expect to take the lead in maintaining it (insofar as
noone else steps forward)?
I think it is not really an issue. The module is quite small (about 550
lines of C code with my patches included and apart from Niklas I already
know this module. So a starting point for maintenance is made and all
others will be able to deal with it pretty much quickly.
I agree, however I had expected to be feeling more responsible than
others :)
I could be a provisional +1, if IP and maintenance are sorted.
Sure. The paperwork needs to be sorted out of course. Although the
license is not Apache License 2.0, I guess this should be still
easy with a software grant from David:
You obviously haven't looked at the recent version, it's relicensed
with ASL2.0 ... Although I and David still expect that it needs a
software grant.
/Nikke
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | [EMAIL PROTECTED]
---------------------------------------------------------------------------
ABORT: Drivel filter is compromised!
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=