>>>>> "Justin" == Justin <[EMAIL PROTECTED]> writes:
Justin> Does anyone see the value in a Throttle module that looked at
Justin> the apache parent status block and rejected any request where
Justin> another child was already busy servicing *that same IP* ?
Justin> (note: the real IP is in the header in a backend setup so it
Justin> is not possible to dig it out across children without
Justin> creating another bit of shared memory or using the filesystem?).
Justin> I'm still finding existing throttle modules do not pickup and
Justin> block parallel or fast request streams fast enough .. ok there are
Justin> no massive outages but 10 seconds of delay for everyone because
Justin> all demons are busy servicing the same guy before we can conclude
Justin> we're being flooded is not really great.. modperl driven forums
Justin> (or PHP ones even) can be killed this way since there are so
Justin> many links on one page, all active..
It would be pretty simple, basing it on my CPU-limiting throttle that
I've published in Linux Magazine
<http://www.stonehenge.com/merlyn/LinuxMag/col17.html>. Just grab a
flock on the CPU-logging file in the post-read-request phase instead
of writing to it. If you can't get the flock, reject the request.
Release the flock by closing the file in the log phase.
But this'd sure mess up my ordinary visit to you, since my browser
makes 4 connections in parallel to fetch images, and I believe most
browsers do that these days.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
