httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: yaDoS
Date Tue, 03 Feb 1998 03:30:35 GMT
On Mon, 2 Feb 1998, Dean Gaudet wrote:

> And how do you deal with proxies?  We can't connection-limit proxies the
> same way we can connection-limit end users.

You assume that whatever proxy you are using on whatever site, you will
have enough other traffic that the proxy never gets that much usage.  Your
limits have to be set somewhat high.

When you reach a point of not serving any clients due to being full
serving connections from one client, I don't care if it is a proxy or not
or legit or not; I want it out.  The in-between is, of course, harder.

> 
> Dean
> 
> On Mon, 2 Feb 1998, Marc Slemko wrote:
> 
> > This isn't a new issue and has been looked at, but the thing with it is
> > that you require a real IP to do it and it shouldn't be that hard to
> > simply see what IPs are doing it then filter them.
> > 
> > Someone (Ed Korthof <ed@organic.com>?) wrote a patch once to do limiting
> > based on this, but it is a bit ugly and needs refining and was against
> > 1.2bsomething to start I think.  Not sure if he has a more recent one...
> 


Mime
View raw message