Apache a omezeni poctu spojeni podle IP
David 'Ilicz' Klementa
ilicz na seznam.cz
Čtvrtek Duben 21 08:22:50 CEST 2005
Miloš Liška wrote:
> On Wed, Apr 20, 2005 at 14:07:13 +0000, Zdenek SUTR Kaminski wrote:
>
>>On Wed, 20 Apr 2005, David 'Ilicz' Klementa wrote:
>>
>>
>>>Zdenek SUTR Kaminski wrote:
>>>
>>>>Pouzijte limit na IP adresu pomoci iptables...
>>>>
>>>
>>>a neudela iptables to, ze omezi vsecko, co jde z jeden IP (rekneme
>>>proxiny) a vsecko co je za ni, sdili tento limit? tomuto chtel tazatel
>>>predejit....
>>
>>No, to by me zajimalo, jak apache pozna, ze se dotazuje nekdo z vnitrni
>>site a ze to neni vlastne ta proxina?
>>
>
> Podle http://dominia.org/djao/limitipconn-README by to fungovat melo.
>
> <cut>
> Proxy client tracking
>
> By default, all clients behind a proxy are treated as coming from the
> proxy server's IP address. If you patch Apache with the included patch
> and configure with --with-forward and rebuild, the real IP addresses
> of clients behind proxies are correctly detected. You will need to
> either compile statically or compile with -DRECORD_FORWARD.
>
> If you don't patch the server, DO NOT compile with RECORD_FORWARD
> defined. The module will still function, but it will not recognize
> clients behind proxies.
> </cut>
>
hmmm... ale nebude mit potom Apache problem s tim, ze mu bude tahat
treba sedm pocitacu s IP 192.168.0.1 (kazdy za jinou proxinou)???
ilicz
Další informace o konferenci Linux