On occasion, we have people with download manages take up an excessive number of http connections in apache. Is there a way we can limit this with shorewall such that each IP is limited to a certain number of port 80 connections at any given time? - Sean ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
Hi, You can handle this with apache by using a module, libapache-mod-choke. http://os.cyberheatinc.com/mod_choke.php Thank you, Daniel Wyatt -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Sean Muse Sent: Thursday, August 25, 2005 12:44 PM To: shorewall-users@lists.sourceforge.net Subject: [Shorewall-users] Excessive HTTP Connections On occasion, we have people with download manages take up an excessive number of http connections in apache. Is there a way we can limit this with shorewall such that each IP is limited to a certain number of port 80 connections at any given time? - Sean ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
Sean Muse wrote:> On occasion, we have people with download manages take up an excessive > number of http connections in apache. Is there a way we can limit > this with shorewall such that each IP is limited to a certain number > of port 80 connections at any given time?No. There is a ''connlimit match'' feature in Patch-O-matic-ng but Shorewall contains no direct support for it. You could install that feature and use an extension script (http://www.shorewall.net/shorewall_extension_scripts.htm) with an Action (http://www.shorewall.net/Actions.html#Extension) to do what you are asking. There are also Apache modules that do what you want (mod_choke and mod_throttle) but I don''t believe that any of those are available for Apache 2.0 :-( -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
> There are also Apache modules that do what you want (mod_choke and > mod_throttle) but I don''t believe that any of those are available for Apache > 2.0 :-(The lack of these in Apache 2.0 is my issue. Thanks for the information everyone! - Sean ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf