Thanks, maybe I will use this as a first solution, until a
better approach to lock them out permanently is found...
-stefan-
On Wed, 2007-01-10 at 12:17 +0100, Henrik Nordstrom wrote:
> On Wed 2007-01-10 at 11:31 +0100, Stefan Palme wrote:
>
> > No, you haven't overlooked something - I need this because of some
> > strange attacks from outside, which make >1500 senseless requests per
> > persistent connection (and very fast). But when the connection is
> > closed, they don't try again (don't ask why - I don't know). So I wanted
> > to limit the number of requests per pconn, because it does not really
> > harm "regular" users, but keeps those "attacks" out.
>
> Ok. Makes sense. But not sure it validates having a configuration option
> for it..
>
> In client_side.c you'll see a line like the following (look for
> client_pconns):
>
>     if (!Config.onoff.client_pconns && !request->flags.must_keepalive)
>         request->flags.proxy_keepalive = 0;
>
> just before or after this add
>
>     if (http->conn->nrequests > 100 && !request->flags.must_keepalive)
>         request->flags.proxy_keepalive = 0;
>
> replace 100 by the limit you desire..
>
>
> Better to identify these senseless requests and deny them, will achieve
> the same thing but on the first identified request.
>
> Regards
> Henrik
--
-------------------------------------------------------------------
Dipl. Inf. (FH) Stefan Palme
email: kleiner@hora-obscura.de
www: http://hbci4java.kapott.org
icq: 36376278
phon: +49 341 3910484
fax: +49 1212 517956219
mobil: +49 178 3227887
key fingerprint: 1BA7 D217 36A1 534C A5AD F18A E2D1 488A E904 F9EC
-------------------------------------------------------------------
Received on Wed Jan 10 2007 - 05:00:31 MST
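
The per-connection cap suggested in the quoted mail, modelled as a standalone C program; this is an added example, not part of the thread and not Squid source. The struct and function names are hypothetical, only the field names mirror the mail, and it assumes the request counter is incremented before the keep-alive check runs.

```c
/* Standalone model of the keep-alive decision from the mail; not Squid code. */
#include <stdio.h>

#define MAX_REQS_PER_PCONN 100          /* the "100" from the mail */

struct req_flags { unsigned proxy_keepalive:1; unsigned must_keepalive:1; };
struct conn_state { int nrequests; int open; };

static int client_pconns = 1;           /* stands in for Config.onoff.client_pconns */

/* Apply the existing check and the added per-connection cap to one request. */
static void decide_keepalive(const struct conn_state *conn, struct req_flags *f)
{
    if (!client_pconns && !f->must_keepalive)
        f->proxy_keepalive = 0;
    if (conn->nrequests > MAX_REQS_PER_PCONN && !f->must_keepalive)
        f->proxy_keepalive = 0;
}

/* Send `attempts` requests down one connection; return how many got a reply. */
static int serve_burst(int attempts, int must_keepalive)
{
    struct conn_state conn = { 0, 1 };
    int served = 0;

    while (conn.open && served < attempts) {
        struct req_flags f = { 0, 0 };
        f.proxy_keepalive = 1;                      /* client asked for keep-alive */
        f.must_keepalive = must_keepalive ? 1 : 0;
        conn.nrequests++;       /* assumption: counted before the check runs */
        decide_keepalive(&conn, &f);
        served++;
        if (!f.proxy_keepalive)
            conn.open = 0;      /* reply is sent without keep-alive, then close */
    }
    return served;
}

int main(void)
{
    printf("1500-request burst: %d served\n", serve_burst(1500, 0));
    printf("50-request client:  %d served\n", serve_burst(50, 0));
    printf("must_keepalive set: %d served\n", serve_burst(1500, 1));
    return 0;
}
```

Under that assumption the `> 100` comparison lets 101 requests through before the connection is closed, and a connection with `must_keepalive` set is never cut off by the cap.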