
Content negotiation and access control incompatibility?

Is content negotiation still possible when setting a handler?

annesse

1:52 pm on May 1, 2005 (gmt 0)



Hello everybody,

Lately some robot hit me badly - i.e. it consumed nearly 20% of my monthly allowed traffic in two hours. Though the site is on shared hosting, I was so upset that I decided to set up some (primitive) access control mechanism.

[ I must say that this whole strategy has been greatly inspired by previous posts in this forum :-) ]

The process begins with an .htaccess file which redirects any HTML page request to a PHP script which does some checking in a MySQL table:


Action request_handler /access.php
AddHandler request_handler html

Basically, the script does the following: when the time interval between two requests is inferior to some required idle value, then a time penalty is added (it becomes the new idle value); the penalty grows by 2^n (n is incremented or decremented according to client behavior).

If the client behaves badly, it receives a 503 Service unavailable with a Retry: value equal to the idle time; if the client behaves nicely, the script reads the file (readfile()) and the request is seen by the user as if it had been served normally.

So far so good!

But the site is bilingual and actually it relies heavily on content negotiation, for language as well as encoding. Negotiation can occur for all these cases:

file.html.html
file.html.gz
file.html.en
file.html.en.gz
file.html.fr
file.html.fr.gz

And unfortunately, no content negotiation can occur in this context; that is, the AddHandler directive stops any further negotiation.

So, is it possible to have the best of both worlds, content negotiation and access control, in this way?

On the other hand, I know of the possible use of send-as-is which, if I understand well, is like having Apache working in manual mode. I would gratefully take any advice about the pros and cons of using send-as-is.

Thanks,

JJS.
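
The penalty scheme described in the post above, sketched as an added example; it is not the poster's access.php. The names BASE_IDLE, MAX_LEVEL and throttle_decide(), the cap on n, and the in-memory array standing in for the MySQL table are all assumptions.

```php
<?php
// Added example, not the poster's script. BASE_IDLE, MAX_LEVEL and
// throttle_decide() are assumed names; $clients stands in for the MySQL table.

const BASE_IDLE = 2;   // seconds required between two page requests (assumed value)
const MAX_LEVEL = 10;  // cap on n so the idle value cannot grow without bound (assumed)

/**
 * Decide one request.
 * $state is ['last' => time of previous request, 'level' => n], or null for a new client.
 * Returns [new state, HTTP status, Retry-After seconds].
 */
function throttle_decide(?array $state, int $now): array
{
    if ($state === null) {
        return [['last' => $now, 'level' => 0], 200, 0];
    }
    $required = BASE_IDLE * (2 ** $state['level']);   // current idle value
    if ($now - $state['last'] < $required) {
        // Too early: increment n; the doubled value becomes the new idle value.
        $level = min($state['level'] + 1, MAX_LEVEL);
        return [['last' => $now, 'level' => $level], 503, BASE_IDLE * (2 ** $level)];
    }
    // Client waited long enough: decrement n and serve the page.
    $level = max($state['level'] - 1, 0);
    return [['last' => $now, 'level' => $level], 200, 0];
}

// Constructed sample: request times in seconds for one client (documentation address).
$clients = [];
$ip = '192.0.2.10';
foreach ([0, 1, 2, 3, 20, 30, 31] as $t) {
    $result = throttle_decide($clients[$ip] ?? null, $t);
    [$clients[$ip], $status, $retry] = $result;
    // In a real handler: on 503, send the status line plus "Retry-After: $retry"
    // and stop; on 200, readfile() the requested page.
    printf("t=%2d  status=%d  n=%d  retry=%d\n", $t, $status, $clients[$ip]['level'], $retry);
}
```

Keying the state on the client IP address is also an assumption; clients behind a shared proxy or NAT would share one penalty level.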

sitz

1:15 pm on May 4, 2005 (gmt 0)




So, two things:

1) Have you looked into mod_throttle ([snert.com ])?

2) One thing to note about Apache: a given request is passed sequentially to each module, in reverse order. IOW, the request is passed to the module at the bottom of your LoadModule list, and when that module's done, the request is (probably) passed to the next module up the list. Thus, one can have mod_negotiation perform its actions *before* your PHP script by ensuring that, one way or another, PHP appears farther up the list of modules than mod_negotiation. Note that this /may/ have unexpected side effects. I'd strongly suggest testing any changes to the order in which the modules are called before rolling it to production.

annesse

5:28 pm on May 4, 2005 (gmt 0)



Sitz,

These possibilities appear promising, but unfortunately they are out of reach (since I'm on shared hosting).

I'm currently trying to reproduce Multiviews behaviour via a PHP script.

This solution is less flexible, as content negotiation is entirely handled by the script, including the making of conformant HTTP headers.

However, it seems to work without any noticeable performance drop.

Bypassing Apache built-in features seems silly but apparently there are no alternatives in this particular case.

Thanks,

JJS.

sitz

12:23 am on May 5, 2005 (gmt 0)




Note that you could also just try blocking access to the site based on user-agent (or IP address). Not ideal, and it definitely won't catch folks who get wise to what you're doing, but it can help. There are numerous posts on how to do this sort of thing in the forum archives. Good luck. =)