Re:Re: [users@httpd] how to block the duplicated requests?

[javalishixml <javalishixml@xxxxxxx>]

Great thank you, Yehuda.

I see you speak "Though those modules exist, this might be best implemented in your application"

How can I understand it? I should write a c program for apache? or I should write some java web application at tomcat level?

Because this is a web site, it has to face concurrency issue. So I prefer to resolve this issue at httpd level.
Not sure if my thinking is good or not? 

Can you plz explain it more clear...

Looking forward to your nice feedback    :)

At 2015-05-19 22:01:45, "Yehuda Katz" <yehuda@xxxxxxxxxx> wrote:

There are a few modules that you might be able to modify to meet your needs - although these things are generally designed for DDoS protection.

• mod_security - http://www.modsecurity.org/
• mod_evasive - http://www.zdziarski.com/blog/?page_id=442
• mod_cband - http://dembol.org/blog/mod_cband/
  
• mod_limitipconn - http://dominia.org/djao/limitipconn2.html

Though those modules exist, this might be best implemented in your application.

Another way to do it would be with a log parsing tool like Fail2Ban.

- Y

On Tue, May 19, 2015 at 4:29 AM, javalishixml <javalishixml@xxxxxxx> wrote:

Hi,

I have a website. It is built by apache + tomcat.

Now we make a lottery activity at this website. But we find that some robots always raise the duplicated requests to hit this lottery activity. It causes that robots almost get all the awards.

So we just want to block these kind of duplicated requests at every interval unit.
For example, we set the interval unit is 3 seconds. The if the robot want to hit the lottery activity in 3 seconds, the website could block this action.

So how to do it? I suppose if we do it at tomcat level, is it a very low performance? Can I do it at apache level? how to do it?
If I could not do it apache level?

Thanks in advance,
Java Coder