1) Block the mass-downloading clients by their User-agent name (using mod_rewrite or mod_setenvif and mod_access).
2) Write a PERL or PHP script to limit the number of connections per IP address per unit time.
3) Both.

Jim

thanks jd...

1- i already have agent blocking....but as im sure you're aware they caught onto this along time ago,and most programs spoof their agent to a standard browser...

2- im not sure what you mean by this....if you mean to hide the real path to the file, then thats not very practical if you have lots of files, and their paths already posted on your website....as for limiting connection by ip...most of my users are behind proxies...so that wont be very good....

isnt there another way to do this? perhaps a limit on the number of connections to certain mime types, or per user session etc?

thanks

2) I said nothing about changing URLs or filenames -- Not sure where that came from. But then again, a URL and a filename are two different things, and there is no fixed relationship required between the two, as a short exercise with mod_rewrite or ISAPI Rewrite will demonstrate. So you could still interpose a script between the URLs and the files to limit access if desired.

I have no idea what your site is like, so back to fundamentals:

List out the reliable information you do have about each user, be that user-agent, IP address, session ID, cookie(s), X_FORWARDED_FOR proxy headers, etc.

Then devise a script to track each user based on that information and limit the number of connections for that user to some number per unit time.

If you have no reliable per-user information, then your only option is a blanket bandwidth limitation or access limitations on a per-file basis -- both of which are 'unfair' to your users who are not abusing your server (since all users will be limited with this kind of approach).

Jim