[ale] apache problem

Neal Rhodes neal at mnopltd.com
Wed Jan 12 13:04:43 EST 2011


One of our government systems stores reports generated. 

Those reports are stored outside apache's reach. 

A specific hyperlink to an active apache program (in this case Progress
Webspeed)  results in us spitting back the selected report inline.  This
affords control of who sees what report.   There is no native way of
specifying a static URL to get the report file. 

And it includes a daily hit counter so we can just cut people off if
their access departs from historical trend based on IP or userid. 

It's a moderate booger to write the thing that spits back the file
inline, since we might have .pdf files, .html files, text files, and I
recall we had to do content headers appropriately. 

Neal Rhodes


On Wed, 2011-01-12 at 11:50 -0600, John Heim wrote: 

> All,
> 
> I have a problem with an apache web server. The problem is that one of my
> users has some large PDF documents available for
> download. Every few weeks, our server gets bogged down when someone tries to
> download these documents many thousands of times.  They download each 
> document only once or twice a second but over and over and over. Eventually, 
> our server gets bogged down. The documents are mostly in the 1.5Mb to 2Mb 
> range.
> 
> I deal with it by blacklisting the IP address of the offending client. Its
> always a single IP address. So it can't be a denial of service attack. If it
> is, its the lamest DOS attack ever.
> 
> Anybody have any idea why this is happening? I have looked for some kind of
> loop in the html pages where an automatted client might think it these are
> all different documents. I even tried downloading it myself with wget. No
> problems.
> 
> Any suggestions for preventing this? I thought about forcing people to
> register or putting  up a CAPTCHA. But I'd rather not do those things. I'd
> rather just prevent a single IP from downloading each document more than
> once a day or something like that.
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20110112/3c56e1c1/attachment.html 


More information about the Ale mailing list