William A. Rowe, Jr. wrote: > Ivan Barrera A. wrote: >> William A. Rowe, Jr. wrote: >>> No. Run multiple instances of httpd against different IP addresses. >>> >>> There's no way to decide about accepting per-named-host. >> There are some third party modules that can do it. >> I only wrote for apache 2, but there is equivalents in apache 1. > > Let me clarify - it's possible through a third party or write-your-own > module to decide if a given host should be processed or rejected with > a 5XX error. > > But it's not possible to control which of many pending connections the > server will accept() next by name, because the name is one of the http > header fields that can only be parsed once the connection -is- accepted. > > By IP address and/or multiple instances, it's possible to throttle the > number of pending and accepted connections, because it's not dependent > on inspecting the http headers. > Seen that way, your answer is right. However, i think the question was more about trying to avoid some site using most of the apache childs for itself. That's why he asked about "limit a site" (refering to a vhost). Trying to limit in the way of ip address, will be similar in attemping to avoid a DoS attack. > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|