To make matters worse, each request forced a 200 response: including style sheets and many other files that would normally trigger a 304. Not looking forward to my bandwidth overage charge...
Skimming the 6.4MB log this fellow single-handedly (probably literally) generated, I have to presume that he manually criss-crossed the website with his misconfigured browser. I don't think this was done through a download tool.
Rather than blocking the ip address (which might well be dynamically allocated), I would love to hear some suggestions on how to auto-throttle / temporarily block users like this one. Can it be done through Apache itself, or without incurring too much of an overall performance penalty?
[edited by: physics at 1:54 am (utc) on Nov. 29, 2008]
[edit reason] Removed IP information [/edit]
The user's behavior was not quite DOS-ing, rather accessing a great number of different files in a session that lasted almost two hours...
This, for example, never came close to happening:
- The IP address of the requestor and the URI are both hashed into a "key".
A lookup is performed in the listener's internal hash table to determine
if the same host has requested this page more than once within the past
1 second.
Perhaps I should have asked differently: is there a utility to limit the max amount of data transferred by any user in a particular time period (ideally both per minute and per browser session)?
Otherwise, I might roll my own using cookies - is that too naive a thought?
It seems like it can do what you want:
DOSSiteCount
Same as 'DOSPageCount', but corresponds to the number of requests for a given site, and uses the 'DOSSiteInterval' interval.
DOSSiteInterval
Interval for the 'DOSSiteCount' threshold in second intervals.
This, and any module / solution like it, is to be used cautiously though. You don't want to end up blocking good bots or users...
Download it and have a look at the README / source before you go off writing your own though ;)
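The per-client, per-interval counting behind the DOSSiteCount / DOSSiteInterval settings quoted above, extended with the per-client byte budget asked about earlier in the thread, as an added example that is not part of any post here and is not the module's own code. It works offline on an access log to help pick thresholds before enforcing anything; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Leading fields of Apache common/combined log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} (?P<size>\d+|-)')

# Constructed sample lines (documentation addresses), not from the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Nov/2008:10:00:00 +0000] "GET /a.css HTTP/1.1" 200 40000',
    '192.0.2.10 - - [28/Nov/2008:10:00:01 +0000] "GET /b.js HTTP/1.1" 200 60000',
    '192.0.2.10 - - [28/Nov/2008:10:00:02 +0000] "GET /c.png HTTP/1.1" 200 90000',
    '198.51.100.7 - - [28/Nov/2008:10:00:03 +0000] "GET /a.css HTTP/1.1" 304 -',
    '198.51.100.7 - - [28/Nov/2008:10:05:00 +0000] "GET / HTTP/1.1" 200 140000',
    '198.51.100.7 - - [28/Nov/2008:10:10:00 +0000] "GET / HTTP/1.1" 200 140000',
] + ['203.0.113.5 - - [28/Nov/2008:10:00:0%d +0000] "GET /p%d HTTP/1.1" 200 100'
     % (i, i) for i in range(4)]

def parse(line):
    """Return (ip, unix_time, bytes_sent), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m["ip"], ts, 0 if m["size"] == "-" else int(m["size"])

def find_heavy_clients(lines, interval=60, max_requests=50, max_bytes=5_000_000):
    """Per-IP sliding window; returns {ip: (limit_crossed, time_first_crossed)}."""
    windows = defaultdict(deque)   # ip -> (time, bytes) entries inside the window
    totals = defaultdict(int)      # ip -> bytes sent inside the window
    flagged = {}
    for rec in filter(None, map(parse, lines)):   # assumes chronological order
        ip, ts, size = rec
        win = windows[ip]
        win.append((ts, size))
        totals[ip] += size
        while win and win[0][0] <= ts - interval:  # expire old entries
            totals[ip] -= win.popleft()[1]
        if ip not in flagged:
            if len(win) > max_requests:
                flagged[ip] = ("requests", ts)
            elif totals[ip] > max_bytes:
                flagged[ip] = ("bytes", ts)
    return flagged

if __name__ == "__main__":
    for ip, (why, when) in find_heavy_clients(SAMPLE_LOG, 60, 3, 150_000).items():
        print(ip, why, datetime.fromtimestamp(when))
```

In the sample, 198.51.100.7 transfers more in total than the byte limit but is never flagged because its requests fall in separate windows, which is the behaviour that keeps slow, legitimate visitors from being blocked.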