[mirror-admin] To Axel

Axel Thimm Axel.Thimm at ATrpms.net
Wed Mar 26 23:49:48 EDT 2008 

Hi,

On Wed, Mar 26, 2008 at 08:47:12AM +0100, Günther Fischer wrote:
> Axel,
> thank you for the hint. The limitipcon works with my httpd-2.2.3-11.sl5.3.
> 
> The second with total stoping Range for ISOs is too hard. Ranging for
> large files is ok - I think ...
> 
> I will try the connectionlimit for noe with a limit of 10 and will see.
> Thank you again.

You're welcome - the range blocking feature is selected in a way to
disallow such ranges that are used by download accellerators only. For
example a broken off download will try to resume with a Range of a
given starting address and no end address, e.g. ending with a
hyphen.

Or reworded the check looks on whether the Range request contains an
end address. wget/curl etc. can still properly resume/continue a
partial download.

> On Tue, Mar 25, 2008 at 9:22 PM, Axel Thimm <Axel.Thimm at atrpms.net> wrote:
> > On Tue, Mar 25, 2008 at 07:39:48AM +0100, Günther Fischer wrote:
> >  > On our side I see many partial GETs for one ISO from one IP. I think
> >  > this are download accelerators.
> >  > So we reach quickly the max number of httpd 768 (I have defined). With
> >  > redirected the ISOs to ftp I see it around 200.
> >  >
> >  > So I look to stop too many connections from one IP.
> >
> >  I use two tricks, one is to limit connections to ISO dirs by some
> >  amount per IP:
> >
> >       <IfModule mod_limitipconn.c>
> >         MaxConnPerIP 6
> >       </IfModule>
> >
> >  The other is to block ranged requests as this is what download
> >  accelerators do indeed:
> >
> >     RewriteEngine on
> >     RewriteCond %{HTTP:Range} [0-9]$
> >     RewriteRule \.iso$ / [F,L,R=403]
> >
> >  These two have fixed quite a lot of pain.
> >
> >
> >
> >  > On Mon, Mar 24, 2008 at 7:59 PM, Carlos Carvalho <carlos at fisica.ufpr.br> wrote:
> >  > > Günther Fischer (guenther.fischer at hrz.tu-chemnitz.de) wrote on 24 March 2008 19:41:
> >  > >
> >  > >  >I have reset it to On. I had have changed it because I got more than
> >  > >   >1000 httpds (apache) slow down the server. Now I have redirected ISOs
> >  > >   >again to ftp to
> >  > >   >solve the many connections an it helps for now.
> >  > >
> >  > >  For us, it's not the number of connections that makes the machine
> >  > >  slow, it's the disk access.
> >  > >
> >  > >
> >  > >   >I'm tying now also lighttpd, but the configuration for servers with
> >  > >   >high trafic is not strait forward.
> >  > >
> >  > >  Apache just sits there doing nothing because file transmissions are
> >  > >  done via sendfile, so all the job is done at the kernel. I'd expect
> >  > >  that, for a mirror, other http servers won't make a difference.
> >  > >
> >  > >  --
> >  > >
> >  > >
> >  >
> >  >
> >  >
> >
> >
> > --
> >
> 
> 
> 

-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.ale.org/pipermail/mirror-admin/attachments/20080327/6954b380/attachment.bin 
-------------- next part --------------
--

More information about the Mirror-admin mailing list