On Fri, 22 Jan 2010, Karanbir Singh wrote:
On 01/22/2010 08:43 AM, Prof. P. Sriram wrote:
We had a similar issue at the centos (and other stuff) mirror at ftp.iitm.ac.in some months ago. We have solved it effectively using per ip connection limit and fail2ban.
The problem with this is that you have efectively made your mirror non usable for office's and orgaisations that only have 1 ip address to the world. There are quite a few of them.
I believe a correction might be in order - we have made it non-usable for those that have 1 ip address and want to download at a rate exceeding 5 active connections per minute. Do you know of any such organizations? Shouldn't they be enhancing their connectivity?
This sort of a pricess would work better if it was to check and only work against an ip of its the same filename being requested rather than overall connections.
If you know of any package that provides this enhanced functionality, I would be happy to implement that instead of our current scheme.