Evan Platt wrote:
> At 12:59 PM 4/1/2009, you wrote:
>> What is the best way to limit concurrent connections per IP to, say, 20?
>> I'm having some problems with "connection storms" caused by bots
>> harvesting websites.
>
> mod_limitipconn.c ?
> http://dominia.org/djao/limitipconn2.html

I can vouch for mod_limitipconn. I use it myself to block "broken"
browsers that try to open too many simultaneous connections and fill up
the apache connection slots. As a global option, I have the block limit
set very high (70 connections). However, you can always be more
aggressive if you see fit. A value of 20 or 30 (as you stated in another
email) is pretty reasonable. The gotcha is that it could potentially
block legitimate requests from different people if they are all behind
the same NAT address (such as an office connection). That's one reason
why I'm not too aggressive in my settings.
Going the iptables route would work too, but I think it would be much
easier to just manage it strictly on the apache side.
--
Justin Pasher
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
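
The setup discussed in this thread, sketched as an added example that is not taken from any of the posters' configurations: a high server-wide cap on simultaneous connections per IP to leave room for offices behind one NAT address, and a tighter cap on one path that bots harvest. The module path and the `/downloads` location are assumptions; the directives are those of mod_limitipconn for Apache 2.x.

```apache
# Added example, not a configuration posted in this thread.
# Module path is an assumption; adjust to where the .so was installed.
LoadModule limitipconn_module modules/mod_limitipconn.so

# mod_limitipconn counts connections by reading the scoreboard,
# so extended status must be enabled for it to work.
ExtendedStatus On

<IfModule mod_limitipconn.c>
    # Server-wide ceiling: high enough that many users sharing one
    # NAT address are unlikely to be refused (the 70 mentioned above).
    <Location />
        MaxConnPerIP 70
        # Small static objects are fetched in parallel by normal
        # browsers; do not count them against the limit.
        NoIPLimit image/*
    </Location>

    # Hypothetical path that bots harvest: apply the stricter limit
    # of 20 from the original question only here.
    <Location /downloads>
        MaxConnPerIP 20
    </Location>
</IfModule>
```

If the server sits behind a reverse proxy or load balancer, every request arrives from the proxy's address, so the limit has to be enforced at the proxy instead.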