mod_perl 1.0 has several tools for throttling/blocking clients, but they all do their work at a pretty late stage, wasting quite a few resources. With mp2 you can now throttle/block clients before any data was sent and before Apache has done anything at all. This example module takes advantage of running during the pre_connection phase. I believe this is "almost" as efficient as firewall blocking (the "only" overhead is select() and several calls in Perl). The cool thing is that Apache simply drops the connection without sending anything back to the client ;)

Of course you want to adapt it to use a real database and some well-defined blocking policies. Maybe Randal will revise his webtechnique column to use this better phase (CC'ing him).

  #file:MyApache/BlockIP2.pm
  #--------------------------
  package MyApache::BlockIP2;

  use strict;
  use warnings;

  use Apache::Connection ();

  use Apache::Const -compile => qw(FORBIDDEN OK);

  # addresses to refuse; replace with a real data source
  my %bad_ips = map {$_ => 1} qw(127.0.0.1 10.0.0.4);

  sub handler {
      my Apache::Connection $c = shift;

      # runs in the pre_connection phase, before any request is read
      my $ip = $c->remote_ip;
      if (exists $bad_ips{$ip}) {
          warn "IP $ip is blocked\n";
          return Apache::FORBIDDEN;
      }

      return Apache::OK;
  }

  1;

Configuration:

  PerlPreConnectionHandler MyApache::BlockIP2

You will need mp 1.99_08 or higher for this to work.

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
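
An added example, not part of the original post: one way to move the hard-coded %bad_ips toward a defined blocking policy is to compile single addresses and CIDR ranges once at startup and have the handler test `$c->remote_ip` against them. The package name MyApache::BlockPolicy and its functions are hypothetical; the code is plain Perl with constructed sample data and covers IPv4 only.

```perl
package MyApache::BlockPolicy;   # hypothetical name, not part of mod_perl
use strict;
use warnings;

# Convert a dotted-quad IPv4 address to an integer; undef if malformed.
sub ip_to_int {
    my ($ip) = @_;
    return undef unless defined $ip
        && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @o = ($1, $2, $3, $4);
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# Compile policy lines ("10.0.0.4", "192.0.2.0/24", "# comment") into
# [network, mask] pairs. Malformed lines are skipped with a warning.
sub compile_policy {
    my @rules;
    for my $line (@_) {
        (my $entry = $line) =~ s/#.*//;    # strip trailing comments
        $entry =~ s/\s+//g;
        next unless length $entry;
        my ($addr, $bits) = split m{/}, $entry, 2;
        $bits = 32 unless defined $bits;   # bare address = single host
        my $net = ip_to_int($addr);
        unless (defined $net && $bits =~ /\A\d+\z/ && $bits <= 32) {
            warn "skipping malformed block rule '$entry'\n";
            next;
        }
        my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
        push @rules, [ $net & $mask, $mask ];
    }
    return \@rules;
}

# True if $ip falls inside any compiled rule. Addresses that do not
# parse as IPv4 are never matched by these IPv4-only rules.
sub is_blocked {
    my ($rules, $ip) = @_;
    my $n = ip_to_int($ip);
    return 0 unless defined $n;
    return scalar grep { ($n & $_->[1]) == $_->[0] } @$rules;
}

# Constructed sample policy and addresses.
my $rules = compile_policy("127.0.0.1", "10.0.0.0/8  # lab", "300.1.1.1");
printf "%-12s %s\n", $_, is_blocked($rules, $_) ? "blocked" : "allowed"
    for qw(127.0.0.1 10.0.0.4 192.0.2.7);

1;
```

Compiling the rules at server startup keeps the per-connection cost to a few integer comparisons, which matters because the handler runs on every accepted connection.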


