From owner-freebsd-ports@FreeBSD.ORG Fri Oct 17 21:14:16 2008 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DF94B106568B for ; Fri, 17 Oct 2008 21:14:16 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from QMTA01.westchester.pa.mail.comcast.net (qmta01.westchester.pa.mail.comcast.net [76.96.62.16]) by mx1.freebsd.org (Postfix) with ESMTP id 855588FC15 for ; Fri, 17 Oct 2008 21:14:16 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from OMTA14.westchester.pa.mail.comcast.net ([76.96.62.60]) by QMTA01.westchester.pa.mail.comcast.net with comcast id TwRf1a01p1HzFnQ51xEF8X; Fri, 17 Oct 2008 21:14:15 +0000 Received: from koitsu.dyndns.org ([69.181.141.110]) by OMTA14.westchester.pa.mail.comcast.net with comcast id TxEE1a00R2P6wsM3axEF6M; Fri, 17 Oct 2008 21:14:15 +0000 X-Authority-Analysis: v=1.0 c=1 a=QycZ5dHgAAAA:8 a=qG0pDHm830py8FHImq8A:9 a=cbyOUttlHAuu2JgLhZ8A:7 a=Mx7BdjIZc75BSoM-RGhdTbAkKH0A:4 a=EoioJ0NPDVgA:10 a=LY0hPdMaydYA:10 Received: by icarus.home.lan (Postfix, from userid 1000) id 528CEC9432; Fri, 17 Oct 2008 14:14:14 -0700 (PDT) Date: Fri, 17 Oct 2008 14:14:14 -0700 From: Jeremy Chadwick To: mdh Message-ID: <20081017211414.GA31108@icarus.home.lan> References: <20081017175359.GA27396@icarus.home.lan> <468319.95459.qm@web56808.mail.re3.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <468319.95459.qm@web56808.mail.re3.yahoo.com> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: David Karapetyan , freebsd-questions@freebsd.org, freebsd-ports@freebsd.org Subject: Re: Problem with www/mod_cband X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Oct 2008 21:14:17 -0000 On Fri, Oct 17, 2008 at 11:47:38AM -0700, mdh wrote: > It seems possible, however, that mod_cband's functionality could be > replicated by a simple script that watches the access log files and > makes an update to a .htaccess file for the virtualhost when the > virtualhost in question exceeds a given bandwidth limit which would be > configured in the script. Well, that's assuming you want to use the "maximum aggregate bandwidth per site every month" concept. I, for one, do not, because all it takes is one prick wget -r'ing the site and pow, the site is down for everyone. You could block based on IP, but believe me, they'll find or get another. (I've personally seen this with Italian users, where they'd switch to another IP to get around pf(4) blocks I put in place.) I personally prefer to just bandwidth limit sites, only permitting XXX Kbyte/sec across *all visitors*. It's the only "safe" way to deal with 95th-percentile billing in co-locations. Also, don't forget that Apache only writes an entry to the log file *after* the transfer is finished, not when the request is submit. :-) -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |