Apache a omezeni poctu spojeni podle IP
Miloš Liška
xliska na fi.muni.cz
Středa Duben 20 18:09:06 CEST 2005
On Wed, Apr 20, 2005 at 14:07:13 +0000, Zdenek SUTR Kaminski wrote:
> On Wed, 20 Apr 2005, David 'Ilicz' Klementa wrote:
>
> > Zdenek SUTR Kaminski wrote:
> > > Pouzijte limit na IP adresu pomoci iptables...
> > >
> > a neudela iptables to, ze omezi vsecko, co jde z jeden IP (rekneme
> > proxiny) a vsecko co je za ni, sdili tento limit? tomuto chtel tazatel
> > predejit....
>
> No, to by me zajimalo, jak apache pozna, ze se dotazuje nekdo z vnitrni
> site a ze to neni vlastne ta proxina?
>
Podle http://dominia.org/djao/limitipconn-README by to fungovat melo.
<cut>
Proxy client tracking
By default, all clients behind a proxy are treated as coming from the
proxy server's IP address. If you patch Apache with the included patch
and configure with --with-forward and rebuild, the real IP addresses
of clients behind proxies are correctly detected. You will need to
either compile statically or compile with -DRECORD_FORWARD.
If you don't patch the server, DO NOT compile with RECORD_FORWARD
defined. The module will still function, but it will not recognize
clients behind proxies.
</cut>
Spis by mne zajimalo, jak to bylo myslene s temi iptables? Tam je proxy IMHO
neprekonatelny problem :(
S pozdravem
--
Miloš Liška
mail: xliska na informatics.muni.cz ICQ: 101055780
WWW: http://www.fi.muni.cz/~xliska
Další informace o konferenci Linux