Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 17026 invoked from network); 8 Feb 2007 19:03:45 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 8 Feb 2007 19:03:45 -0000 Received: (qmail 75025 invoked by uid 500); 8 Feb 2007 19:03:48 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 74969 invoked by uid 500); 8 Feb 2007 19:03:48 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 74957 invoked by uid 99); 8 Feb 2007 19:03:47 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Feb 2007 11:03:47 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of jslive@gmail.com designates 64.233.162.225 as permitted sender) Received: from [64.233.162.225] (HELO nz-out-0506.google.com) (64.233.162.225) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Feb 2007 11:03:38 -0800 Received: by nz-out-0506.google.com with SMTP id x7so608993nzc for ; Thu, 08 Feb 2007 11:03:17 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=blGevWMIiVTTAD+LZLSkeQfX2wen5orkFPvlvRv2l2xNYbUCV6wAdgZwFLNM4pYvzA36DtxGtpajElYoiW6zpk6Ecqk0F4dopJXMHtT3syXuymvnZhoH8hYONkbRRGnWpksDHihM6CCnxycr6vvF62nU872W2jE3XTLmkIRvrXg= Received: by 10.114.135.1 with SMTP id i1mr3639956wad.1170961397196; Thu, 08 Feb 2007 11:03:17 -0800 (PST) Received: by 10.70.19.8 with HTTP; Thu, 8 Feb 2007 11:03:16 -0800 (PST) Message-ID: Date: Thu, 8 Feb 2007 14:03:16 -0500 From: "Joshua Slive" Sender: jslive@gmail.com To: dev@httpd.apache.org Subject: Re: Large Resource Consumption by One User Access to mp3 File In-Reply-To: <000701c74bb0$5108d890$650a2b0a@WS> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <000701c74bb0$5108d890$650a2b0a@WS> X-Google-Sender-Auth: b8dda57b49cf911e X-Virus-Checked: Checked by ClamAV on apache.org On 2/8/07, Greg Sims wrote: > This consumption of resource seems unfair to other users that are trying to > use the system at the same time. Is it possible to control resource > allocation so that it is fair to all users? Is there something about the response I made to your dev@httpd cross-post that you didn't understand or that you wanted clarification of? As I said: The user in question is using some kind of download accelerator that uses multiple byte-range requests to access the same file simultaneously over multiple connections. In general, these accelerators are designed simply to squeeze out other users and hence get faster downloads. It should be considered and handled like a denial-of-service attack. Some documentation on that is here: http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos In general, either use a firewall to restrict number of connections per IP, or use a third-party module to do the same. See http://modules.apache.org/ Joshua