There are a few modules that you might be able to modify to meet your needs - although these things are generally designed for DDoS protection.
- mod_security - http://www.modsecurity.org/ - mod_evasive - http://www.zdziarski.com/blog/?page_id=442 - mod_cband - http://dembol.org/blog/mod_cband/ - mod_limitipconn - http://dominia.org/djao/limitipconn2.html Though those modules exist, this might be best implemented in your application. Another way to do it would be with a log parsing tool like Fail2Ban. - Y On Tue, May 19, 2015 at 4:29 AM, javalishixml <javalishi...@163.com> wrote: > Hi, > > I have a website. It is built by apache + tomcat. > > Now we make a lottery activity at this website. But we find that some robots > always raise the duplicated requests to hit this lottery activity. It causes > that robots almost get all the awards. > > So we just want to block these kind of duplicated requests at every interval > unit. > For example, we set the interval unit is 3 seconds. The if the robot want to > hit the lottery activity in 3 seconds, the website could block this action. > > So how to do it? I suppose if we do it at tomcat level, is it a very low > performance? Can I do it at apache level? how to do it? > If I could not do it apache level? > > Thanks in advance, > Java Coder > > > >
