[mirror-admin] enabling keep-alives

[Axel Thimm]

On Wed, Mar 26, 2008 at 10:34:25AM -0500, Gilbert E. Detillieux wrote:
> On 2008-03-26 08:12, Brian Long wrote:
>> On Tue, 2008-03-25 at 22:22 +0200, Axel Thimm wrote:
>>> On Tue, Mar 25, 2008 at 07:39:48AM +0100, Günther Fischer wrote:
>>>> On our side I see many partial GETs for one ISO from one IP. I think
>>>> this are download accelerators.
>>>> So we reach quickly the max number of httpd 768 (I have defined). With
>>>> redirected the ISOs to ftp I see it around 200.
>>>>
>>>> So I look to stop too many connections from one IP.
>>> I use two tricks, one is to limit connections to ISO dirs by some
>>> amount per IP:
>>>
>>>       <IfModule mod_limitipconn.c>
>>>         MaxConnPerIP 6
>>>       </IfModule>
>>
>> Wouldn't this also hinder folks behind a NAT device?  If I have a /24
>> subnet behind a single NAT IP, only 6 of my hosts would be able to
>> perform legitimate downloads before being limited as if they were a
>> download accelerator.  True?
>
> True, but how likely is this to be a problem in real life?  Are you likely 
> to have more than 6 hosts behind your NAT box simultaneously downloading 
> ISO images?  If so, you really should rethink your strategy, and it's 
> probably a good thing that the server is providing you that incentive!  :)
>
> (Remember, Axel did say that he imposes that connection limit for the ISO 
> directories only, so this wouldn't affect things like yum updates, for 
> example.)

Furthermore if there is a (largish) netblock behind a proxy the proxy is
usually also a (largish) web cache, so there is only one download.
-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.ale.org/pipermail/mirror-admin/attachments/20080327/f4a73157/attachment.bin 
-------------- next part --------------
--