From owner-freebsd-ports@FreeBSD.ORG Fri Oct 17 19:14:20 2008 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0F9721065688 for ; Fri, 17 Oct 2008 19:14:20 +0000 (UTC) (envelope-from mdh_lists@yahoo.com) Received: from web56808.mail.re3.yahoo.com (web56808.mail.re3.yahoo.com [66.196.97.82]) by mx1.freebsd.org (Postfix) with SMTP id AD6CD8FC16 for ; Fri, 17 Oct 2008 19:14:19 +0000 (UTC) (envelope-from mdh_lists@yahoo.com) Received: (qmail 95728 invoked by uid 60001); 17 Oct 2008 18:47:38 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Message-ID; b=6qQB31s7xZp307sdv/qdETHLD9+gOuJuRHoc9V0wZhHR7rWrnsjfV2FhPB3en4Dumov0nmi2TE4BieiobOSZ06tyRVfkbg1V8kqmlJEKeIWF4WDrT3V4+jZBcYo1Ws+X/jWUu8sf2CK+V/2IHSmBW7xIPe+G2PNX6LIxq/Z6vCw=; X-YMail-OSG: vCyCd1AVM1km8jf.6j4lo4NDYjlcXhrt0FeOq.ajcVhpGeHcLABv8NIBQHjjBgLEeg-- Received: from [71.61.220.126] by web56808.mail.re3.yahoo.com via HTTP; Fri, 17 Oct 2008 11:47:38 PDT X-Mailer: YahooMailWebService/0.7.247.3 Date: Fri, 17 Oct 2008 11:47:38 -0700 (PDT) From: mdh To: David Karapetyan , Jeremy Chadwick In-Reply-To: <20081017175359.GA27396@icarus.home.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Message-ID: <468319.95459.qm@web56808.mail.re3.yahoo.com> X-Mailman-Approved-At: Fri, 17 Oct 2008 19:20:20 +0000 Cc: freebsd-questions@freebsd.org, freebsd-ports@freebsd.org Subject: Re: Problem with www/mod_cband X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: mdh_lists@yahoo.com List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Oct 2008 19:14:20 -0000 --- On Fri, 10/17/08, Jeremy Chadwick wrote: > From: Jeremy Chadwick > Subject: Re: Problem with www/mod_cband > To: "David Karapetyan" > Cc: freebsd-questions@freebsd.org, freebsd-ports@freebsd.org > Date: Friday, October 17, 2008, 1:53 PM > On Fri, Oct 17, 2008 at 12:57:41PM -0400, David Karapetyan > wrote: > > FreeBSD office19.resnet.nd.edu 7.0-RELEASE-p5 FreeBSD > 7.0-RELEASE-p5 #0: > > Wed Oct 1 10:10:12 UTC 2008 > > > root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC > i386 > > > > Hello everyone. Every time I try to use the mod_cband > module in my > > apache22 webserver, apache segfaults upon restart. > Things work fine when > > I disable the module from httpd.conf. Is this module > broken, and if so, > > what comparable alternatives are there? > > Be aware that mod_cband has quite a horrible bug. This is > a Debian bug > report, but the same problem applies to FreeBSD. Be sure > to read the > entire bug, not just the original report. > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418645 > > Regarding alternatives: there aren't. Bandwidth > limiting is a > long-standing feature of Apache that's missing, which > is a huge > disappointment. > > The best solution I've found on FreeBSD is to use pf(4) > with ALTQ, > and give each VirtualHost its own IP address, then > rate-limit the IP > address using pf(4). Yes, I realise this is impractical > for sites > which have many vhosts and use name-based virtualhosts. > > Welcome to my world... IMHO, that solution is considerably sexier than what mod_cband claims to do (having read only pkg-descr). It seems possible, however, that mod_cband's functionality could be replicated by a simple script that watches the access log files and makes an update to a .htaccess file for the virtualhost when the virtualhost in question exceeds a given bandwidth limit which would be configured in the script. Think `tail -f`. Functionality is handled outside of apache so no danger of crashes. Just create the .htaccess in such a way that the end-user can't delete/modify it, and have it do a Redirect. For robustness' sake, move any existing .htaccess file to .htaccess.X and move it back when the virtualhost is back in compliance or paid up or whatever. - mdh __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com