ons 2007-01-10 klockan 11:31 +0100 skrev Stefan Palme:
> No, you don't have overlooked something - I need this because of some
> strange attacks from outside, which make >1500 senseless requests per
> persistent connection (and very fast). But when the connection is
> closed, they don't try again (don't ask why - I don't know). So I wanted
> to limit the number of requests per pconn, because it does not really
> harm "regular" users, but keeps those "attacks" out.
Ok. Makes sense. But not sure it validates having a configuration option
for it..
In client_side.c you'll see a line like the following (look for
client_pconns):
if (!Config.onoff.client_pconns && !request->flags.must_keepalive)
request->flags.proxy_keepalive = 0;
just before or after this add
if (http->conn->nrequests > 100 && !request->flags.must_keepalive)
request->flags.proxy_keepalive = 0;
replace 100 by the limit you desire..
Better to identify these senseless requests and deny them, will achieve
the same thing but on the first identified request.
Regards
Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
