[Info-vax] Apache... anyone built mod_limitipconn for VMS?

VAXman- at SendSpamHere.ORG VAXman- at SendSpamHere.ORG
Thu Jan 14 19:32:37 EST 2010 

In article <00A978BD.845E4274 at SendSpamHere.ORG>, VAXman-  @SendSpamHere.ORG writes:
>In article <7r9en3Fqd2U1 at mid.individual.net>, billg999 at cs.uofs.edu (Bill Gunshannon) writes:
>>In article <00A978B8.F19288F7 at sendspamhere.org>,
>>	VAXman-  @SendSpamHere.ORG writes:
>>> In article <84b427-i46.ln1 at Ubuntu.mike-r.com>, Mike Rechtman <mike at rechtman.com> writes:
>>>>VAXman- @SendSpamHere.ORG wrote:
>>>>> Subject says it all.  I need to place limits on the Apache server due to
>>>>> what appears to be a DoS.
>>>>> 
>>>>Is limiting the number of servers (cf. httpd.conf) not good enough?
>>> 
>>> I want to limit multiple HTTP downloads (large downloads) requested from
>>> the client address.  I would like to keep the number of servers available
>>> to service requests from other clients.
>>> 
>>> I've downloaded the Apache (CSWS 2.1) source from the HP site but there's
>>> very little info contained therein on building a modules for Apache.
>>
>>Does the IP Stack your using allow you to block particular IP's? 
>>That's what I do when I want to block someone from a particular
>>machine.  Of course it is much more likely that I would just block
>>them at the firewall because if they are attacking one host now it
>>is very likely they will expand their attacks later.  And even if
>>they just scan the network looking for hosts they are sucking up
>>my bandwidth.  Best practice we learned at Ft. Gordon --  Always
>>block as close to the source as you can.
>
>That would block them COMPLETELY.  I have a site with many large downloads
>available and I find some people that want these fire up downloads of all
>at one time.  That becomes a near DoS here when the network is saturated.
>This happened this morning causing problems with the radio station and I
>had a number of irate listener emails in the emailbox later in the day.
>
>But, to answer your question, yes.  I can block this on the machine or I
>could block it in the Cisco; neither of these would solve would having
>the MOD_LIMITIPCONN module could do for me.  MOD_SECURITY could also be
>used but I looked and it is much more complex code.  MOD_LIMITIPCONN is
>fairly small and lends itself nicely to what I need/want to do.

I managed to build this Apache module extension.  It's been installed,
it's working and it's doing everything as advertised.


-- 
VAXman- A Bored Certified VMS Kernel Mode Hacker    VAXman(at)TMESIS(dot)ORG

  http://www.quirkfactory.com/popart/asskey/eqn2.png
  
  "Well my son, life is like a beanstalk, isn't it?"

More information about the Info-vax mailing list