Thanks, maybe I will use this as a first solution, until a better approach to lock them out permanently is found... -stefan- On Wed, 2007-01-10 at 12:17 +0100, Henrik Nordstrom wrote: > ons 2007-01-10 klockan 11:31 +0100 skrev Stefan Palme: > > > No, you don't have overlooked something - I need this because of some > > strange attacks from outside, which make >1500 senseless requests per > > persistent connection (and very fast). But when the connection is > > closed, they don't try again (don't ask why - I don't know). So I wanted > > to limit the number of requests per pconn, because it does not really > > harm "regular" users, but keeps those "attacks" out. > > Ok. Makes sense. But not sure it validates having a configuration option > for it.. > > In client_side.c you'll see a line like the following (look for > client_pconns): > > if (!Config.onoff.client_pconns && !request->flags.must_keepalive) > request->flags.proxy_keepalive = 0; > > just before or after this add > > if (http->conn->nrequests > 100 && !request->flags.must_keepalive) > request->flags.proxy_keepalive = 0; > > replace 100 by the limit you desire.. > > > Better to identify these senseless requests and deny them, will achieve > the same thing but on the first identified request. > > Regards > Henrik -- ------------------------------------------------------------------- Dipl. Inf. (FH) Stefan Palme email: kleiner@xxxxxxxxxxxxxxx www: http://hbci4java.kapott.org icq: 36376278 phon: +49 341 3910484 fax: +49 1212 517956219 mobil: +49 178 3227887 key fingerprint: 1BA7 D217 36A1 534C A5AD F18A E2D1 488A E904 F9EC -------------------------------------------------------------------
