On Sat, Aug 13, 2005 at 11:32:53AM +0200, Maxim Vexler wrote: > > > The DoS was caused because a client tried to use one of the popular > > > spiders to download the whole site. > > > > > > I've attached a clip from the error log & the access log (CR/LF terminated). > > > > > > As you can see the DoS client can be identified by his IP address. > > > The same behavior continued for ~8 hours :( > > > > > > What can be done to stop the "attack" ? ... > Sean, thank you for the quick replay. > Don't you think that a complete block on the client's IP is a too rush tactic? > It's a legitimate user, his only fault was that he used this spidering > tool, which had the side effect of DoS on the httpd daemon, I honestly > don't think the client meant this to occur. > > I would like to note that I'm looking for some kind of automatic tool > to fight this. > Maybe a mod for Apache that could reject the client at the httpd > daemon level on a time based period? the logic behind this is that > this machine is not frequently monitored and I would prefer some kind > of automatic solution. mod_throttle can do this I believe (for Apache 1.3 only). http://www.snert.com/Software/mod_throttle/#ThrottleClientIP --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|