Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: OT? Device to limit simultaneous connections per host?

  • From: Paul G
  • Date: Wed Aug 17 18:11:36 2005


----- Original Message ----- 
From: "David Hubbard" <dhubbard@dino.hostasaurus.com>
To: <nanog@merit.edu>
Sent: Wednesday, August 17, 2005 5:50 PM
Subject: OT? Device to limit simultaneous connections per host?



> Hello everyone, I'm curious if anyone knows of a
> device that can throttle or limit a remote
> host's simultaneous connections or requests per
> second for web traffic on a per-IP basis.
 --- snip ---

not exactly what you want, but mod_throttle will do (some of) this if you
are using apache. however, keep in mind that mod_throttle had an integer
underflow bug affecting its concurrent connection counter last time i used
it. it's fairly trivial to find and fix and i still have the patch somewhere
i think. it was also forwarded to the author, who regrettably expressed
little interest in applying it for reasons best known to him (and no longer
remembered by me).

on a more general note, it is important to think carefully about what it is
that you really want to throttle. throttling connections is easy (or easier
at least) in comparison to throttling requests, since the latter can be done
only if a) you are doing this throttling within the webserver (you already
have a request sequence) or b) if you parse individual requests out of a
pipelined request stream yourself. you should likewise consider how said
throttling should take place - do you want to 'shape' (block for a period of
time) or 'rate limit' (drop on the floor)? if it is the former, doing it
after it hits your webserver is significantly less useful than preventing it
from hitting it in the first place.

not sure how on-topic this is (wrt nanog *or* the op's question), so i've
kept it to a few assorted thoughts. hth.

-p

---
paul galynin
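
An added example, not part of the message above and not mod_throttle code: it separates individual requests out of one connection's pipelined byte stream and applies a per-IP request limit that drops the excess, showing why a connection counter and a request counter give different answers. The sample bytes, the address 192.0.2.10, and the names `split_requests` and `RequestLimiter` are constructed for illustration; it assumes HTTP/1.1 with `Content-Length` bodies only (no chunked encoding).

```python
# Constructed sample: bytes from ONE TCP connection carrying three pipelined requests.
PIPELINED = (
    b"GET /a HTTP/1.1\r\nHost: example.test\r\n\r\n"
    b"POST /b HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
    b"GET /c HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

def split_requests(buf):
    """Return (request lines of complete requests, unconsumed bytes)."""
    lines = []
    while True:
        end = buf.find(b"\r\n\r\n")
        if end < 0:
            return lines, buf          # header block incomplete: wait for more data
        head = buf[:end].split(b"\r\n")
        length = 0
        for header in head[1:]:
            name, _, value = header.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        total = end + 4 + length       # headers + blank line + body
        if len(buf) < total:
            return lines, buf          # body not fully received yet
        lines.append(head[0].decode("ascii", "replace"))
        buf = buf[total:]              # skip the body so it is never parsed as a request

class RequestLimiter:
    """Per-IP fixed window: at most `limit` requests per `window` seconds, excess dropped."""
    def __init__(self, limit, window=1.0):
        self.limit, self.window = limit, window
        self.state = {}                # ip -> (window_start, requests_seen)

    def allow(self, ip, now):
        start, count = self.state.get(ip, (now, 0))
        if now - start >= self.window: # window expired: start counting afresh
            start, count = now, 0
        self.state[ip] = (start, count + 1)
        return count < self.limit

def demo():
    """One connection, three requests; with limit=2 the third request is dropped."""
    requests, _ = split_requests(PIPELINED)
    limiter = RequestLimiter(limit=2)
    verdicts = [limiter.allow("192.0.2.10", now=0.0) for _ in requests]
    return 1, len(requests), verdicts  # connections, requests, per-request verdicts

if __name__ == "__main__":
    print(demo())
```

A limiter keyed on connections would have counted this client once; the request-level view only exists after the stream has been parsed.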




