22 Jan
2010
22 Jan
'10
10:10 a.m.
On 01/22/2010 08:43 AM, Prof. P. Sriram wrote:
We had a similar issue at the centos (and other stuff) mirror at ftp.iitm.ac.in some months ago. We have solved it effectively using per ip connection limit and fail2ban.
The problem with this is that you have efectively made your mirror non usable for office's and orgaisations that only have 1 ip address to the world. There are quite a few of them.
This sort of a pricess would work better if it was to check and only work against an ip of its the same filename being requested rather than overall connections.
--
Karanbir Singh
London, UK | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219 | Yahoo IM: z00dax | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc