Dear David, Thank you for your kindly and quick reply. I am sorry that I thought the limitipconn module would totally prevent the DoS attacker from connecting to TCP 80 port. BTW, I am not sure how Apache and its DSOs work internally. But I wonder whether there is a way to achieve the result I expected? If it cannot done inside Apache or its DSOs, maybe it can be done by adding a rule to the system iptables? Thank you for your wonderful mod_limitipconn; hope it can be integrated to Apache trunk soon. On Thu, Jul 17, 2008 at 12:18 AM, David Jao <djao@xxxxxxxxxxx> wrote: > If you are getting 503 responses then it looks like the module is working. > The module does not limit connections, because that would be impossible -- > a user has to connect to your web server before the module can even see the > user. The module does limit responses if there are too many connections, > and that is what you are seeing. -- Yours Truly, James Z. Snell --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|