From: http://www.mail-archive.com/dev@httpd.apache.org/msg37189.html Hi! Attached is a version of mod_limitipconn.c that works in conjunction with mod_cache and httpd-2.2. We've been using this on ftp.acc.umu.se for some time now without any unwanted issues. The main problem with mod_limitipconn-0.22 was that since mod_cache runs as a quick handler, mod_limitipconn also must run as a quick handler with all those benefits and drawbacks. Download the tarball from http://dominia.org/djao/limitipconn2.html , extract it, and replace mod_limitipconn.c with this version and follow the build instructions. I would really wish that this was made part of httpd, it's really needed when running a file-download site due to the scarily large amount of demented download manager clients out there. However, I have not received any response from the original author on the matter. From what I have understood of the license it should be OK to merge into httpd if you want though, but I think that you guys are way more clued in that matter than me. This is a summary of the changes made: * Rewritten to run as a Quick Handler, before mod_cache. * Configuration directives are now set per VHost (Directory/Location are available after the Quick Handler has been run). This means that any containers has to be deleted in existing configs. * Fixed configuration merging, so per-vhost settings use defaults set at the server level. * By running as a Quick Handler we don't go through the entire lookup phase (resolve path, stat file, etc) before we get the possibility to block a request. This gives a clear performance enhancement. * Made the handler exit as soon as possible, doing the "easy" checks first. * Don't do subrequest to lookup MIME type if we don't have mime-type specific config. * Count connections in closing and logging state too, we don't want to be DOS'd by clients behind buggy firewalls and so on. * Added debug messages for easy debugging. * Reduced loglevel from ERR to INFO for reject-logging. In any case, I hope that this can be of use for others than us. /Nikke -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | [EMAIL PROTECTED] --------------------------------------------------------------------------- We are AT&T of Borg, MCI will be assimilated =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= (FWIW: copied without explicit permission) -- The module can be loaded with the following in /etc/httpd/httpd.conf LoadModule limitipconn_module lib/httpd/modules/mod_limitipconn.so ExtendedStatus On MaxConnPerIP 5 To test the 'test.pl' utility from mod_evasive is included in the doc dir.