On Wed, May 28, 2008 at 1:50 PM, <[EMAIL PROTECTED]> wrote: > > I found this when I ran into a simuilar situation although I have not yet > had a chance to try it : > > http://bwmod.sourceforge.net/files/mod_bw-0.7.txt > > Looks like you can set max connections but not by ip.
Just to finalize, I ended up using: http://www.ivn.cl/apache#bandwidth This allows setting connection and bandwidth limits based on IP or across a site. Worked like a charm (webserver load down from 20 to 2). Sean > "Sean Davis" <[EMAIL PROTECTED]> > > 2008/05/28 11:34 > > To > "Fred Moyer" <[EMAIL PROTECTED]> > cc > modperl <modperl@perl.apache.org> > Subject > Re: [OT] connection limitation > > > > On Wed, May 28, 2008 at 1:19 PM, Fred Moyer <[EMAIL PROTECTED]> wrote: >> Sean Davis wrote: >>> >>> This is decidedly off-topic.... >>> >>> We run a pretty small website (multi-use) on Apache (2.2) and mod_perl >>> (along with some php, cgi, and static content). Unfortunately, our >>> organization has recently decided to institute the policy of scanning >>> the site on a regular basis for security reasons. The scan software >>> crawls all links and URLs on the site, hitting each one with multiple >>> forms of attack. In some parts of the world, this is called a >>> denial-of-service attack, but here it is called a security scan. I >>> have no control over the scan parameters, so I am looking for a >>> meaningful way of limiting the number of connections (not really >>> bandwidth, since we host VERY large static files) from a single IP. >>> Any suggestions? >> >> You could do this with mod_perl by using something like Apache::Scoreboard >> - >> http://search.cpan.org/dist/Apache-Scoreboard >> >> Check to see if the number of server side children are maxed out for a >> given >> ip, and return a 503 if that is the case. > > This sounds like a viable option, yes. It also allows lots of > flexibility.... > >> But if you are running Linux an alternative way to do this might be with >> iptables and the iplimit module - >> http://linuxgazette.net/108/odonovan.html > > I'm on macos, currently. > > Thanks. >
