Apache tweak

Mike McGrath mmcgrath at redhat.com
Mon May 28 12:57:52 UTC 2007


Ahmed Kamal wrote:
> cool plan. Hopefully it should hold against regular release day traffic.
> However, on FC6 launch, we were deliberately 'attacked', right? flooders
> might deliberately hit the non static pages, are we prepared for that ?
> How would everyone feel about limiting the number of connections per /24
> network to a reasonable number, a la
> iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16
> --connlimit-mask 24 -j REJECT


The attack thing was never totally confirmed one way or the other and we 
don't have the logs from last year (we weren't running fedora.redhat.com 
then)  So we're much better prepared this run but it's still difficult 
to tell exactly what to expect.

    -Mike




More information about the Fedora-infrastructure-list mailing list