www-mirrors mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simon Valiquette <v.si...@ieee.org>
Subject Re: Unusual Traffic
Date Wed, 13 May 2009 03:58:20 GMT
Henk P. Penning un jour écrivit:
> On Tue, 12 May 2009, Silio d' Angelo wrote:
> 
>> Date: Tue, 12 May 2009 13:01:47 +0200 (CEST)
>> From: Silio d' Angelo <dangelo@gno.uniroma2.it>
>> To: mirrors@apache.org
>> Subject: Re: Unusual Traffic
>>
>> may be download accelerators have this attitude but to download
>> something like 86,000,000 bytes about 12,000 times, it seems to me a
>> little excessive. And also, why all that is usually originated from
>> an IP non resolving the reverse address and most of the times from
>> some Chinese network ? This slows down the response of the server,
>> floods the log files and also sinks almost all the "ipport_userreserved".
>>
>> Have you any suggestion on how to minimize their effects ?
> 
>   ... I am not aware of options/settings to block retrieval
>   of 'partial content' ; these bad download accelerators are
>   just abusers of your 'open' system.
> 

   I use the following in Apache, which basically disable range downloads 
and render download accelerators quite useless (and a lot less harmful to 
mirrors).


# If not already activated
RewriteEngine On

# return 403 forbiden for download accelerators for ISO and .exe files
RewriteCond %{HTTP:Range} !^$
RewriteRule \.(iso|exe)$ / [F,L]


   Unfortunately, it also means that resuming a download with something 
like "wget -c" won't works and will restart the download from scratch. 
Unfortunately, because of a large number of abuser, and because just 
restricting the number of simultaneous downloads from a single IP just 
creates others problems (like when many people are behind a NAT), it is 
the best solution I found thus far.


Simon Valiquette
http://gulus.USherbrooke.ca

Mime
View raw message