dev  

Re: [PROPOSAL] merge mod_limitipconn into httpd

Niklas Edmundsson
Thu, 19 Jun 2008 08:24:51 -0700

On Wed, 18 Jun 2008, Plüm, Rüdiger, VF-Group wrote:


I would like to propose to merge (or rather, add) mod_limitipconn
(http://dominia.org/djao/limitipconn2.html, changelog at
http://dominia.org/djao/limit/ChangeLog) into httpd.


Have you (or anyone) compared this to other modules in/around
this space, such as mod_evasive and mod_cband?
Nopes, mod_limitipconn was recommended waay back and has worked since (modulo my patches to get it to play well with mod_cache, included in the latest version).
mod_evasive seems to be a more elaborate DoS-thingie, and mod_cband seems to be a bandwidth limit thingie. None of them seems to have the same function as mod_limitipconn, although I suspect that they base their decisions on similar primitives. 


I agree. I use it as well, but I found that it had some shortcomings
in the features (e.g. being not able to limit the number of clients
from one IP in the READ_STATE, so clients that sent no full initial
HTTP request line on systems without a HTTP accept filter like on BSD).
and needed some optimizations. But I have these patches at hand and
I can contribute them once the module is integrated.


Sounds good.


The author (David Jao, also CC:d) would be glad to contribute it,
provided that it is of interest for the httpd community.


Since David isn't a regular on this list, maintenance is an issue.
Would you expect to take the lead in maintaining it (insofar as
noone else steps forward)?


I think it is not really an issue. The module is quite small (about 550
lines of C code with my patches included and apart from Niklas I already
know this module. So a starting point for maintenance is made and all
others will be able to deal with it pretty much quickly.
I agree, however I had expected to be feeling more responsible than others :) 


I could be a provisional +1, if IP and maintenance are sorted.


Sure. The paperwork needs to be sorted out of course. Although the
license is not Apache License 2.0, I guess this should be still
easy with a software grant from David:
You obviously haven't looked at the recent version, it's relicensed with ASL2.0 ... Although I and David still expect that it needs a software grant. 


/Nikke
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se      |     [EMAIL PROTECTED]
---------------------------------------------------------------------------
 ABORT: Drivel filter is compromised!
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=