Hi there,

I have developed a small throttle and monitoring
package that we use permanently on our server. It is
written in XOTcl and uses Zoran's libthread packages.
A controlling thread is created that receives
information about requests (begin and end of request).
When the server is under high load and a user
requests within a time window too many requests,
the user is throttled. If he/she continues to
be eager, the user is kicked out (e.g. a
short error reply is sent back). In addition,
we keep a lot of statistics such as
graphs about active users, views per second or
hour, avg response time per minute, hour, etc.

On our system we have up to 3.5 million hits per day,
around 15 dynamic views per second (sustained
avg over an hour, not counting images/css files).

The original need for the package was to cope
with users that like to mirror the whole content
of our site, especially when the traffic is high.
Such "attacks" brought the system to a hold. Now
the problem is gone.

If there is interest, we can remove site-specific
stuff and make it available...

-gustaf

# This is a simple request-throttle application that
# avoids simple DoS attacks on an AOLserver.
# The user (request key) can be specified via ipAddr or some other key,
# such as an authenticated user.
# Parameters:
# - timeoutMs: time window to keep statistics for a user
# - startThrottle: if user requests more than this #, he is throttled
# - toMuch: if user requests more than this #, he is kicked out
#
# The throttler is defined as a class to make it extensible,
# to define e.g. different kinds of throttling policies for
# different kinds of request keys. Note that the throttle thread itself
# does not block, only the request thread blocks if necessary.
Class ThrottleStat -parameter { type user_id timestamp ip_adress url }
Class Throttle -parameter {
  {activeUserMinutes 10}
  {timeoutMs 2000}
  {startThrottle 3}
  {toMuch 7}
  ....
}
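
The per-key time-window decision described in the post, as an added example that is not gustaf's package: plain Tcl (8.5+) without XOTcl or libthread. The proc names `throttle::check` and `throttle::prune`, the verdict strings and the sample address are assumptions; the three defaults are the ones in the posted parameter list, and `activeUserMinutes` and the load condition are not modelled.

```tcl
namespace eval throttle {
    variable timeoutMs     2000   ;# window length in ms (default from the post)
    variable startThrottle 3      ;# more than this in the window: throttle
    variable toMuch        7      ;# more than this in the window: reject
    variable seen                 ;# array: request key -> list of timestamps (ms)
    array set seen {}
}

# Record one request for $key at time $nowMs and return a verdict
# (ok | throttle | reject). The caller, i.e. the request thread, acts on it:
# sleep on "throttle", send a short error reply on "reject".
proc throttle::check {key nowMs} {
    variable timeoutMs; variable startThrottle; variable toMuch; variable seen
    set cutoff [expr {$nowMs - $timeoutMs}]
    set recent {}
    if {[info exists seen($key)]} {
        foreach t $seen($key) {
            if {$t > $cutoff} { lappend recent $t }
        }
    }
    lappend recent $nowMs
    # Keep at most toMuch+1 timestamps so a flooding key cannot grow its
    # own history without bound; that is still enough to stay in "reject".
    set seen($key) [lrange $recent end-$toMuch end]
    set n [llength $recent]
    if {$n > $toMuch}        { return reject }
    if {$n > $startThrottle} { return throttle }
    return ok
}

# Forget keys whose newest request is older than the window. Call this
# periodically so the table of keys does not itself become a memory sink.
proc throttle::prune {nowMs} {
    variable timeoutMs; variable seen
    foreach key [array names seen] {
        if {[lindex $seen($key) end] <= $nowMs - $timeoutMs} { unset seen($key) }
    }
}

# Constructed sample: ten requests 100 ms apart from one address,
# then one more request after the window has expired.
set t 0
foreach i {1 2 3 4 5 6 7 8 9 10} {
    puts "t=$t [throttle::check 192.0.2.10 $t]"
    incr t 100
}
puts "t=5000 [throttle::check 192.0.2.10 5000]"
throttle::prune 10000
```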