On Thu, 7 Jan 1999, Niels Poppe wrote:
> Marc Slemko wrote:
> >
> > On Tue, 5 Jan 1999, John wrote:
> >
> > > I think this would be a very useful option to have built into the main
> > > distribution (or at least available via option "most"), just like the
> > > other useful limitations we can make for timeouts, etc.
> >
> > It probably will be at some point in the near future.
> >
> > Proxies aren't really a big issue as long as your limits are high enough;
> > except in special situations, if a single proxy is making enough
> > simultaneous connections to hit such a limit then it is being bad and
> > should be denied anyway.
> >
>
> Such an option would be useful to protect your server from attacks,
> sure. But then, what's bad about being a masquerading gateway for an
> intranet of, say 1000 clients, where 250 users decide to browse your
> page at noon? Would it be better to have them all use a
> different gateway?
This is getting more offtopic so I don't tihnk I can continue this too
much here, but...
If you have 250 people from behind one gateway (can be a proxy, a IP level
NAT box, etc.) that are accessing your site (although that doesn't
necessarily mean you will have 250 connections; could be more or it could
be much less depending) at any given time then, unless there is some
external relationship between them and your site, you are almost certainly
going to have thousands and thousands of other people accessing your site
at the same time. Therefore, saying that only x% can come from this IP is
not a major hardship.
If there is a special relation (eg. a website for your company that lots
of employees access from behind a gateway) you can be aware of that and
configure your server appropriately so it isn't an issue.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
