> It's configurable so after > exceeding a threshold the client gets content from the shared memory > cache, and if a second threshold is exceeded (ok this guy is getting > REALLY irritating) then they get the 'come back later' message. They will > only get cached content if they exceed x number of requests within y > number of seconds.
Nice idea. I usually prefer to just send an ACCESS DENIED if someone is behaving badly, but a cached page might be better for some situations. How do you determine individual users? IP can be a problem with large proxies. At eToys we used the session cookie if available (we could verify that it was not faked by using a message digest) and wold fall back to the IP if there was no cookie. > Any ideas on how to write a version of this that one CAN simply drop into > an existing application would be most welcome. It's hard to do that without making assumptions about the way to cache the content. Personally, I prefer to make this kind of thing an AccessHandler rather than using Apache::Filter, but your approach makes sense for you method of caching. - Perrin
