[CentOS-mirror] DOS attack downloading DVD isos

Sat Dec 5 05:09:30 UTC 2009
Prof. P. Sriram <sriram at ae.iitm.ac.in>

On Fri, 4 Dec 2009, Randy McAnally wrote:
> mod_limitipconn does the trick, and it's a well maintained/supported module.
> ...
> > mod_cband to the Rescue
> > http://www.montanalinux.org/mod_cband.html

mod_limitipconn and mod_cband do slightly different things. mod_cband does
some of what mod_limitipconn does and also some of what mod_bandwidth
does. mod_limitipconn can be used to restrict connections per ip, but from
what I can see, it cannot do

(a) bandwidth limiting or throttling which mod_cband can do

(b) set different connections per ip limit for different source ip 
addresses (or blocks of ip addresses) which also mod_cband can do

Also, mod_cband has a nifty little status page. In addition to the link
above, there is a decent howto at

http://www.howtoforge.com/mod_cband_apache2_bandwidth_quota_throttling

-- 
sriram