httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yehuda Katz <yeh...@ymkatz.net>
Subject Re: [users@httpd] Re:Re: [users@httpd] how to block the duplicated requests?
Date Tue, 19 May 2015 19:40:24 GMT
I would recommend that you write it into your java application. An
application that does a "lottery" with each request should probably include
rate-limiting itself. That way, if you ever make changes, all the logic of
the application is in one place.

- Y

Sent from a gizmo with a very small keyboard and hyperactive autocorrect.
On May 19, 2015 11:22 AM, "javalishixml" <javalishixml@163.com> wrote:

>
> Great thank you, Yehuda.
>
> I see you speak "Though those modules exist, this might be best
> implemented in your application"
> How can I understand it? I should write a c program for apache? or I
> should write some java web application at tomcat level?
> Because this is a web site, it has to face concurrency issue. So I prefer
> to resolve this issue at httpd level.
> Not sure if my thinking is good or not?
> Can you plz explain it more clear...
>
> Looking forward to your nice feedback    :)
>
> At 2015-05-19 22:01:45, "Yehuda Katz" <yehuda@ymkatz.net> wrote:
>
> There are a few modules that you might be able to modify to meet your
> needs - although these things are generally designed for DDoS protection.
>
>    - mod_security - http://www.modsecurity.org/
>    - mod_evasive - http://www.zdziarski.com/blog/?page_id=442
>    - mod_cband - http://dembol.org/blog/mod_cband/
>    - mod_limitipconn - http://dominia.org/djao/limitipconn2.html
>
> Though those modules exist, this might be best implemented in your
> application.
>
> Another way to do it would be with a log parsing tool like Fail2Ban.
>
> - Y
>
> On Tue, May 19, 2015 at 4:29 AM, javalishixml <javalishixml@163.com>
> wrote:
>
>> Hi,
>>
>> I have a website. It is built by apache + tomcat.
>>
>> Now we make a lottery activity at this website. But we find that some robots always
raise the duplicated requests to hit this lottery activity. It causes that robots almost get
all the awards.
>>
>> So we just want to block these kind of duplicated requests at every interval unit.
>> For example, we set the interval unit is 3 seconds. The if the robot want to hit
the lottery activity in 3 seconds, the website could block this action.
>>
>> So how to do it? I suppose if we do it at tomcat level, is it a very low performance?
Can I do it at apache level? how to do it?
>> If I could not do it apache level?
>>
>> Thanks in advance,
>> Java Coder
>>
>>
>>
>>
>
>
>

Mime
View raw message