Date: Mon, 5 Nov 2007 09:12:30 +0100
From: Christian Folini
To: users@httpd.apache.org
Subject: Re: [users@httpd] Protection against impolite bots

On Mon, Nov 05, 2007 at 02:30:02AM -0500, Nilesh Bansal wrote:
> Hi,
>
> Thanks Nick. mod_loadavg is not very useful since we have a tomcat
> behind the apache proxy doing real heavyweight work. Also mod_evasive
> is a bit restrictive since it wants multiple requests to the exact
> same URI or exact same apache child.

You might want to have a look at mod_qos.

-> from the doc:
* QS_SrvMaxConnPerIP
  Defines the maximum number of connections per source IP address.

Regs,

Christian

>
> > 20 requests per second from one IP isn't necessarily abuse. Even if
> > you don't have pages containing lots of images (thus asking clients
> Looking at the log file, you can easily see that it is a malicious
> user. For example, client always asks the same url but with an extra
> "j" appended in the search query for every new request. Sometimes the
> request URL is very long. And 20 searches per second in our
> application generates quite a lot of load.
>
> > Having said that, there are a number of third-party modules to do
> > what you're asking. mod_evasive, for example, is designed for
> > precisely that purpose. See modules.apache.org for others.
>
> > There are other approaches you could consider if the real issue
> > is a heavyweight application, so that 20/sec is hurting the server.
> > For example, mod_load_average can be used to refuse to run the
> > heavyweight app and return a "server busy" page instead when the
> > load is too high. That way, static stuff will be unaffected by
> > the heavy traffic.
> >
> > --
> > Nick Kew
> >
> > Application Development with Apache - the Apache Modules Book
> > http://www.apachetutor.org/
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
> --
> Nilesh Bansal.
> http://queens.db.toronto.edu/~nilesh/
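
The log pattern described in the quoted message (about 20 searches per second from one address, each request repeating the previous URL with one more character appended to the query) can be checked mechanically before choosing a limit for a module such as mod_qos. The Python below is an added example, not part of the thread or of any Apache module; the function names, the thresholds and the sample log lines are assumptions constructed for illustration, and the input is assumed to be in Apache common log format.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Assumes Apache common/combined log format; all names here are hypothetical.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*"')

def build_sample():
    """Constructed log lines (documentation IP ranges), not data from the thread."""
    fmt = '{ip} - - [05/Nov/2007:02:10:{s:02d} -0500] "GET {url} HTTP/1.1" 200 512'
    burst = [fmt.format(ip="192.0.2.10", s=0, url="/search?q=apache" + "j" * i)
             for i in range(25)]
    slow = [fmt.format(ip="192.0.2.20", s=i, url="/search?q=tomcat" + "j" * i)
            for i in range(6)]
    normal = [fmt.format(ip="198.51.100.7", s=i, url=u)
              for i, u in enumerate(["/", "/img/logo.png", "/search?q=proxy"])]
    return burst + slow + normal

def find_impolite_clients(lines, max_per_second=20, min_growth_run=5):
    """Return {ip: [reasons]} for clients matching either pattern."""
    per_second = defaultdict(int)   # (ip, timestamp) -> requests in that second
    last_query = {}                 # (ip, path) -> previous query string
    growth_run = defaultdict(int)   # (ip, path) -> consecutive one-char growths
    flagged = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # skip malformed lines
        ip, ts, target = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        url = urlsplit(target)
        per_second[(ip, when)] += 1
        if per_second[(ip, when)] >= max_per_second:
            flagged[ip].add("rate")
        key = (ip, url.path)
        prev = last_query.get(key)
        if prev is not None and len(url.query) == len(prev) + 1 and url.query.startswith(prev):
            growth_run[key] += 1
            if growth_run[key] >= min_growth_run:
                flagged[ip].add("growing-query")
        else:
            growth_run[key] = 0
        last_query[key] = url.query
    return {ip: sorted(reasons) for ip, reasons in flagged.items()}

if __name__ == "__main__":
    for ip, reasons in find_impolite_clients(build_sample()).items():
        print(ip, ", ".join(reasons))
```

The second constructed client stays far below the rate threshold and is caught only by the growing-query check, which is the case a per-IP connection or rate limit alone would not surface.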