ons 2007-01-10 klockan 11:31 +0100 skrev Stefan Palme:
> No, you don't have overlooked something - I need this because of some
> strange attacks from outside, which make >1500 senseless requests per
> persistent connection (and very fast). But when the connection is
> closed, they don't try again (don't ask why - I don't know). So I wanted
> to limit the number of requests per pconn, because it does not really
> harm "regular" users, but keeps those "attacks" out.
Ok. Makes sense. But not sure it validates having a configuration option
for it..
In client_side.c you'll see a line like the following (look for
client_pconns):
if (!Config.onoff.client_pconns && !request->flags.must_keepalive)
request->flags.proxy_keepalive = 0;
just before or after this add
if (http->conn->nrequests > 100 && !request->flags.must_keepalive)
request->flags.proxy_keepalive = 0;
replace 100 by the limit you desire..
Better to identify these senseless requests and deny them, will achieve
the same thing but on the first identified request.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:01 MST