> However, I would suggest that connections are better dropped at > IP-level (by firewall rules/iptables) or by using
I agree for blocking access, however a module that was to add something like a per-IP connection-rate or simultaneous connection limit could be a nice gem for the toolbox, too :). Thanks, Rick Houser Auto-Owners Insurance Systems Support > -----Original Message----- > From: Sorin Manolache [mailto:sor...@gmail.com] > Sent: Friday, August 28, 2009 10:34 AM > To: modules-dev@httpd.apache.org > Subject: Re: correct hook function after accepting connection > > On Fri, Aug 28, 2009 at 16:06, Robert Schulze<r...@bytecamp.net> wrote: > > Hi, > > > > is there a hook for dealing with connections *before* any > http data is read? > > The reason for this todo would be dropping connections from > hosts without > > ever reading the request - keeping slowloris in mind. > > > > With kind regards, > > > > Robert Schulze > > > > You have a choice among these: > > pre_connection(conn_rec *, void *) > process_connection(conn_rec *) > > If return != OK && != DECLINED => connection is not processed. > > However, I would suggest that connections are better dropped at > IP-level (by firewall rules/iptables) or by using > > Order allow,deny > Allow from all > Deny from the_ips_you_want_to_reject > > Regards, > S > > -- > A: Because it reverses the logical flow of conversation. > Q: Why is top-posting frowned upon? > A: Top-posting. > Q: What is the most annoying thing in e-mail? > >
