If your load balancer does not allow you to throttle down (1) connections or
(2) throughput based on a certain rule, I would use mod_throttle on the
Apaches.
The number of connections is easily accounted for in the connection tracking ...
Rate or throughput (rate based on time) per source IP (if that's the only thing you
have), I guess you have to do it on the Apaches...
Depending on the content they are downloading, you might save bandwidth with
HTTP compression based on gzip...
On 10/8/06, FM <dist-list@xxxxxxxxxxxxxxxxxx > wrote:
> Hello,
> I have a common problem but cannot find a solution.
>
> My setup :
> all servers are Redhat Enterprise 4
> CISCO PIX in front of a HTTP load balancer/failover (called a director
> in the L.V.S. jargon) that sends requests to 4 web servers (cluster
> setup based on Linux Virtual Server included in redhat cluster suite).
>
> Now my prob :-)
>
> From time to time users download our site and block all http connections,
> and worse, use all our bandwidth. So I have to block (or redirect) those
> network abusers after a download limit (for ex : 1Gb per day) for let's
> say 1 day.
>
> Because of the director, I cannot use the apache2 mod_cband.
>
> My first thought is to look at the iptables on the director but I cannot
> find any information about that kind of setup.
>
> Do you know if it is possible using built-in linux tools (iptables ?).
>
> If not, do you know some hardware appliance that could do that ?
>
> Thanks !
>
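
Added example, not part of either message in this thread: one way to enforce a per-source daily download limit when traffic is spread over several web servers is to sum response bytes per client across all of their access logs and feed the over-quota addresses to whatever does the blocking. It assumes Apache common/combined log format and that the web servers log the original client address; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

QUOTA_BYTES = 1 * 1024**3  # the "1Gb per day" limit from the original post

# Common/combined log format:
# host ident user [dd/Mon/yyyy:hh:mm:ss zone] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?:[^"\\]|\\.)*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def bytes_per_client(log_streams):
    """Sum response bytes per (day, client IP) over every server's log."""
    totals = defaultdict(int)
    for lines in log_streams:
        for line in lines:
            m = LOG_RE.match(line)
            if not m:
                continue  # malformed or truncated line: ignore it
            size = m.group("size")
            if size != "-":  # "-" means no body was sent (e.g. a 304)
                totals[(m.group("day"), m.group("ip"))] += int(size)
    return totals

def over_quota(totals, quota=QUOTA_BYTES):
    """Return the (day, ip) pairs whose combined usage exceeds the quota."""
    return sorted(key for key, used in totals.items() if used > quota)

# Constructed sample lines from two of the web servers. The same client
# stays under 1 GB on each server but exceeds it once the logs are merged.
SAMPLE_WEB1 = [
    '192.0.2.10 - - [08/Oct/2006:10:01:02 -0400] "GET /iso/a.iso HTTP/1.1" 200 629145600',
    '198.51.100.7 - - [08/Oct/2006:10:02:00 -0400] "GET /index.html HTTP/1.1" 200 5120',
]
SAMPLE_WEB2 = [
    '192.0.2.10 - - [08/Oct/2006:11:15:40 -0400] "GET /iso/b.iso HTTP/1.1" 200 629145600',
    '198.51.100.7 - - [08/Oct/2006:11:16:00 -0400] "GET /logo.png HTTP/1.1" 304 -',
]

if __name__ == "__main__":
    merged = bytes_per_client([SAMPLE_WEB1, SAMPLE_WEB2])
    for day, ip in over_quota(merged):
        print(f"{day} {ip} {merged[(day, ip)]} bytes")
```

The logged size counts response bodies only, so the totals slightly understate real bandwidth use.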