Oliver Fromme wrote:
> Gary Palmer wrote:
> > Willem Jan Withagen wrote:
> > > I received a call from a customer this morning that all of his websites
> > > were no longer online. So after some resetting and more, it turns out
> > > that there was a serious overload on his server. Over 500 clients
> > > connected (norm is 50), and they were all trying to get this file
> > > 777.gif (which is not on any of the sites).
> >
> > Why not just create a 0 length file 777.gif and let people fetch it?
> > It's probably a lot less work for the server.
>
> I don't think so. The overhead in Apache for serving
> a file is quite big. On the other hand, IPFW tables
> store IP addresses in a radix tree, which should be
> quite efficient even for 100,000 entries.

I tried addressing that in a previous message. And I concur with you.

> By the way: If incoming bandwidth is a concern, it is
> probably better to use "reset" instead of "deny" in the
> IPFW rule. If you use deny, the packets are simply
> dropped, causing the clients to retransmit their SYN
> packets several times, while "reset" (which here means
> "connection refused") causes no TCP retransmits.

The reason for not doing so is that bandwidth is not really an issue here.
2*155mbit connections to both Amsterdam and Frankfurt. :)
So people with viruses banging their heads against my door, and getting
stalled because of timeouts, is IMHO a nice way of slowing the harassment
down. I would even consider writing something that returns 1 char per 30 secs
for like forever, if only it didn't make me run out of server slots/sockets/other
resources....

--WjW