> you are using "cgi.remote_addr" Thanks. I somewhat doubt that is the problem because it is not a busy site and the ip numbers are all quite different, but I can try. (Btw, I went by the wiki info, so might update that.)
For example, why would minhittime=0 end all throttling entirely? It should only short-circuit the MINHITTIME counter, correct? But with 500 I get lots, with 0 I get none. Also, I might re-ask from above: It also doesn't seem to do much anyway. I opened 20 tabs quickly and then some were blocked but then the next ones weren't, so what good is it? How is it actually throttling someone? Abusers won't care about retry-after. Why isn't there a blockperiod attribute? Or how should I do that? Finally, what is the bizarre Age date format? Docs say "AGE - the date since the first hit" The Middle Ages, 1399, was a while a go ;-) Seconds? Thanks again, I know you're busy adding features! On Dec 1, 9:25 pm, Alan Williamson <[email protected]> wrote: > forgot! let me look now for you. > > A client is identified by the string you specify in TOKEN. Now i note > you are using "cgi.remote_addr" which is probably not enough to uniquely > identify people. You may wish to add in say CFTOKEN/CFID to that mix. > Or use your own cookie. I suspect this is the root of your problems. > > That TOKEN is then checked to see if it has been hit too many times > within a given period of time ( HITTHREHOLD + HITTIMEPERIOD ) > > Then if checks, to see if the time between the last hit and current > isn't smaller than MINHITTIME; if it is then it is throttled. > > If the time since the last request is greater than HITTIMEPERIOD then > all internal counters are reset. > > Hope this helps, but i suspect your TOKEN determination is the problem > > ziggy wrote: > > Just checking in on this. > > > On Nov 17, 10:23 am, ziggy<[email protected]> wrote: > >>> <cfthrottletoken="#cgi.REMOTE_ADDR#" hitthreshold="20" > >>> hittimeperiod="10000"> > >>> Then I added the minhittime="200" (or 0 which ended all throttling > >>> hits, surprisingly). > > -- Open BlueDragon Public Mailing List http://www.openbluedragon.org/ http://twitter.com/OpenBlueDragon mailing list - http://groups.google.com/group/openbd?hl=en !! save a network - please trim replies before posting !!
