On Fri, 22 Jan 2010, Karanbir Singh wrote: > On 01/22/2010 08:43 AM, Prof. P. Sriram wrote: > > We had a similar issue at the centos (and other stuff) mirror at > > ftp.iitm.ac.in some months ago. We have solved it effectively using per ip > > connection limit and fail2ban. > > The problem with this is that you have efectively made your mirror non > usable for office's and orgaisations that only have 1 ip address to the > world. There are quite a few of them. I believe a correction might be in order - we have made it non-usable for those that have 1 ip address and want to download at a rate exceeding 5 active connections per minute. Do you know of any such organizations? Shouldn't they be enhancing their connectivity? > This sort of a pricess would work better if it was to check and only > work against an ip of its the same filename being requested rather than > overall connections. If you know of any package that provides this enhanced functionality, I would be happy to implement that instead of our current scheme. -- sriram