On Wed, May 28, 2008 at 1:19 PM, Fred Moyer <[EMAIL PROTECTED]> wrote:
> Sean Davis wrote:
>>
>> This is decidedly off-topic....
>>
>> We run a pretty small website (multi-use) on Apache (2.2) and mod_perl
>> (along with some php, cgi, and static content). Unfortunately, our
>> organization has recently decided to institute the policy of scanning
>> the site on a regular basis for security reasons. The scan software
>> crawls all links and URLs on the site, hitting each one with multiple
>> forms of attack. In some parts of the world, this is called a
>> denial-of-service attack, but here it is called a security scan. I
>> have no control over the scan parameters, so I am looking for a
>> meaningful way of limiting the number of connections (not really
>> bandwidth, since we host VERY large static files) from a single IP.
>> Any suggestions?
>
> You could do this with mod_perl by using something like Apache::Scoreboard -
> http://search.cpan.org/dist/Apache-Scoreboard
>
> Check to see if the number of server-side children are maxed out for a given
> IP, and return a 503 if that is the case.
This sounds like a viable option, yes. It also allows lots of flexibility....

> But if you are running Linux an alternative way to do this might be with
> iptables and the iplimit module - http://linuxgazette.net/108/odonovan.html

I'm on macOS, currently. Thanks.
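The Apache::Scoreboard approach Fred sketches, written out as a mod_perl 2 access handler. This is an added example, not code from the thread or from the Apache::Scoreboard distribution: the package name My::PerIPLimit and the limit of 10 workers per address are assumptions, the scoreboard accessors (image, parent_score, next, server, status, client) follow the Apache::Scoreboard 2.x documentation as I recall it and should be checked against the installed version, and the status characters are assumed to match the mod_status legend for Apache 2.2.

```perl
package My::PerIPLimit;   # hypothetical module name

use strict;
use warnings;

use Apache2::RequestRec ();
use Apache2::Connection ();
use Apache2::Const -compile => qw(DECLINED HTTP_SERVICE_UNAVAILABLE);
use Apache::Scoreboard ();

# Maximum number of httpd worker slots one client address may occupy at once.
# Assumed value: tune it against MaxClients and the concurrency real users need.
my $MAX_PER_IP = 10;

# Count scoreboard slots currently held by the given client address.
# Needs "ExtendedStatus On" in httpd.conf: without it Apache 2.2 leaves the
# per-worker client field empty and this check would never trigger.
sub busy_workers_for {
    my ($image, $ip) = @_;
    my $busy = 0;
    for (my $parent = $image->parent_score; $parent; $parent = $parent->next) {
        my $worker = $parent->server;
        my $status = $worker->status;
        # '.' is an open slot and '_' an idle worker; an idle worker still
        # reports the client of its *last* request, so it must be skipped.
        # Every other state (R, W, K, L, D, C ...) is a slot this client holds.
        next if $status eq '.' || $status eq '_';
        $busy++ if $worker->client eq $ip;
    }
    return $busy;
}

sub handler {
    my $r  = shift;
    my $ip = $r->connection->remote_ip;   # Apache 2.2 name; client_ip in 2.4

    my $image = Apache::Scoreboard->image($r->pool);
    my $busy  = busy_workers_for($image, $ip);

    # The request being handled already occupies one slot, so the count
    # includes ourselves: the (MAX+1)th concurrent request from an address
    # is the first one refused.
    if ($busy > $MAX_PER_IP) {
        $r->log_error("per-IP limit: $ip holds $busy worker slots, returning 503");
        $r->err_headers_out->set('Retry-After' => 30);
        return Apache2::Const::HTTP_SERVICE_UNAVAILABLE;
    }
    return Apache2::Const::DECLINED;   # let any other access handlers run
}

1;
```

Enable it with `PerlModule My::PerIPLimit`, `PerlAccessHandler My::PerIPLimit` (server-wide or inside the Location blocks that matter) and `ExtendedStatus On`. Two things to keep in mind: on a prefork server a keepalive connection pins a whole child, which is why the count treats 'K' as held rather than free; and the limit applies per address, so users behind one NAT or proxy share a budget, which is a reason to keep the number well above what a single browser opens.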