httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yehuda Katz <yeh...@ymkatz.net>
Subject Re: [users@httpd] how to block the duplicated requests?
Date Tue, 19 May 2015 14:01:45 GMT
There are a few modules that you might be able to modify to meet your needs
- although these things are generally designed for DDoS protection.

   - mod_security - http://www.modsecurity.org/
   - mod_evasive - http://www.zdziarski.com/blog/?page_id=442
   - mod_cband - http://dembol.org/blog/mod_cband/
   - mod_limitipconn - http://dominia.org/djao/limitipconn2.html

Though those modules exist, this might be best implemented in your
application.

Another way to do it would be with a log parsing tool like Fail2Ban.

- Y

On Tue, May 19, 2015 at 4:29 AM, javalishixml <javalishixml@163.com> wrote:

> Hi,
>
> I have a website. It is built by apache + tomcat.
>
> Now we make a lottery activity at this website. But we find that some robots always raise
the duplicated requests to hit this lottery activity. It causes that robots almost get all
the awards.
>
> So we just want to block these kind of duplicated requests at every interval unit.
> For example, we set the interval unit is 3 seconds. The if the robot want to hit the
lottery activity in 3 seconds, the website could block this action.
>
> So how to do it? I suppose if we do it at tomcat level, is it a very low performance?
Can I do it at apache level? how to do it?
> If I could not do it apache level?
>
> Thanks in advance,
> Java Coder
>
>
>
>

Mime
View raw message