network/mod_limitipconn: Added to 12.1 repository

1 files changed, 69 insertions, 0 deletions

diff --git a/network/mod_limitipconn/README b/network/mod_limitipconn/README
new file mode 100644
index 0000000000..34bf2a7aab
--- /dev/null
+++ b/network/mod_limitipconn/README
@@ -0,0 +1,69 @@
+From:
+http://www.mail-archive.com/dev@httpd.apache.org/msg37189.html
+
+Hi!
+
+
+Attached is a version of mod_limitipconn.c that works in conjunction with
+mod_cache and httpd-2.2. We've been using this on ftp.acc.umu.se for some
+time now without any unwanted issues.
+
+The main problem with mod_limitipconn-0.22 was that since mod_cache runs as
+a quick handler, mod_limitipconn also must run as a quick handler with all
+those benefits and drawbacks.
+
+Download the tarball from http://dominia.org/djao/limitipconn2.html , extract
+it, and replace mod_limitipconn.c with this version and follow the build
+instructions.
+
+I would really wish that this was made part of httpd, it's really needed when
+running a file-download site due to the scarily large amount of demented
+download manager clients out there.
+
+However, I have not received any response from the original author on the
+matter. From what I have understood of the license it should be OK to merge
+into httpd if you want though, but I think that you guys are way more clued
+in that matter than me.
+
+This is a summary of the changes made:
+* Rewritten to run as a Quick Handler, before mod_cache.
+* Configuration directives are now set per VHost (Directory/Location
+   are available after the Quick Handler has been run). This means that
+   any <Location> containers has to be deleted in existing configs.
+* Fixed configuration merging, so per-vhost settings use defaults set
+   at the server level.
+* By running as a Quick Handler we don't go through the entire lookup
+   phase (resolve path, stat file, etc) before we get the possibility
+   to block a request. This gives a clear performance enhancement.
+* Made the handler exit as soon as possible, doing the "easy" checks
+   first.
+* Don't do subrequest to lookup MIME type if we don't have mime-type
+   specific config.
+* Count connections in closing and logging state too, we don't want to
+   be DOS'd by clients behind buggy firewalls and so on.
+* Added debug messages for easy debugging.
+* Reduced loglevel from ERR to INFO for reject-logging.
+
+In any case, I hope that this can be of use for others than us.
+
+
+/Nikke
+--
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+ Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se      |     [EMAIL PROTECTED]
+---------------------------------------------------------------------------
+ We are AT&T of Borg, MCI will be assimilated
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+(FWIW: copied without explicit permission)
+
+--
+
+The module can be loaded with the following in /etc/httpd/httpd.conf
+
+LoadModule limitipconn_module lib/httpd/modules/mod_limitipconn.so
+ExtendedStatus On
+MaxConnPerIP 5
+
+To test the 'test.pl' utility from mod_evasive is included in the doc dir.
+