Return-Path: <new-httpd-owner-new-httpd-archive=hyperreal.org@apache.org>
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 14489 invoked by uid 6000); 3 Feb 1998 03:27:19 -0000
Received: (qmail 14476 invoked from network); 3 Feb 1998 03:27:18 -0000
Received: from twinlark.arctic.org (204.62.130.91)
  by taz.hyperreal.org with SMTP; 3 Feb 1998 03:27:18 -0000
Received: (qmail 18031 invoked by uid 500); 3 Feb 1998 03:39:14 -0000
Date: Mon, 2 Feb 1998 19:39:14 -0800 (PST)
From: Dean Gaudet <dgaudet@arctic.org>
To: new-httpd@apache.org
Subject: Re: yaDoS
In-Reply-To: <Pine.BSF.3.95q.980202200835.6464r-100000@valis.worldgate.com>
Message-ID: <Pine.LNX.3.96dg4.980202193831.3588v-100000@twinlark.arctic.org>
X-Comment: Visit http://www.arctic.org/~dgaudet/legal for information
 regarding copyright and disclaimer.
Organization: Transmeta Corp.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

And how do you deal with proxies?  We can't connection-limit proxies the
same way we can connection-limit end users.

Dean

On Mon, 2 Feb 1998, Marc Slemko wrote:

> This isn't a new issue and has been looked at, but the thing with it is
> that you require a real IP to do it and it shouldn't be that hard to
> simply see what IPs are doing it then filter them.
> 
> Someone (Ed Korthof <ed@organic.com>?) wrote a patch once to do limiting
> based on this, but it is a bit ugly and needs refining and was against
> 1.2bsomething to start I think.  Not sure if he has a more recent one...