Re: Traffic control
On Thursday 12 December 2002 16:08, Marco Antonio wrote:
> Now we are facing a problem: some people are making 'automated searches' on
> our www server -an ugly IIS5 :), and we intend to block this kind of
> search. I was thinking about blocking it on the firewall, this way:
> regularly I would collect some stats about the traffic, and if some client
> IP reaches a 'limit', I would re-run the firewall script and block that IP.
I would strongly advise against doing such a thing. It is too likely to block
a regular (though fast reading/scanning) visitor. In other words: What limit
do you think of?
If it is based un number of connections within a given time, how do you make
sure you don't block a regular visitor? You get quite a number of connections
from them as well.
If it is based on number of bytes transfered, how do you make sure not ot
block a normal visitor? He is very likely to transfer a lot of data
(html-Pages, images).
The only way you could blcok a robot is by scanning the webserver-logs (or the
content of the IP request packages) and block an IP if it only requests
HTML-Documents and more than X documents within a certain time limit. But
again, how do you make sure not to block a legitimate visitor? He could have
turned of loading of images.
If you are certain which method to use, you can think about how to collect the
data and how to react if your limits were exceeded.
If you just don't want any robot to block your IP uplink line, you might want
to use some sort of traffic shaper (if you were using apache, I would
recomend mod_bandwidth).
Regards,
Sven Müller
- IT - Network&Infrastructure -
--
* Heinrich Berndes Haushaltstechnik GmbH & Co KG
* Wiebelsheidestrasse 55, 59757 Arnsberg, Germany
* Phone: +49 2932 475-282 / FAX: -325
* http://www.berndes.com
Reply to: