Domain: snert.com
Stories and comments across the archive that link to snert.com.
Comments · 15
-
Re:Hmmm, interesting projects
don't even have that limited of bandwidth and I would like to see this mod in production. Very needed code IMHO.
http://cband.linux.pl/
http://www.steve.org.uk/Software/mod_curb/
http://www.snert.com/Software/mod_throttle/ This one might be best, I've looked at it before.
http://www.topology.org/src/bwshare/README.html
Or you could just dupe an ask.slashdot.org by asking something like:
http://ask.slashdot.org/article.pl?sid=02/07/18/02 31229&tid=4&tid=2
I'm really surprised this is not part of Apache by now. -
Re:You might hate Apache but....
Please see mod_throttle.
-
Re:This is more fun!
mod_throttle and mod_bandwidth are pretty useful if you're running Apache 1.3; unfortunately (last time I checked) they aren't working right under 2.0 yet.
-
Re:Give users the power to block countries...
What? Postfix doesn't seem to know about "clientreject" and it appears to be some sort of milter for sendmail that you are talking about.
-
Re:Already in use
There are two options that I know of, there may be others.
For 1.3 you can use mod_become, but it looks a little scary to me.
For 2.x you can use mod_suid2 -
Re:From C to PHP & Admin Responsibilities
One thing I haven't quite figured out, and maybe I just need the proper Apache mod, but when a PHP app creates a file, it's owned by the web process and not the script user process, so in safe_mode, to get things working you either have to change permissions or give liberal directory permissions in order for things to work with user-uploaded code.
Look into these, might help:
Here is one for 1.3, but the disclaimer concerns me and running apache as root is not something I would do...
http://www.snert.com/Software/mod_become/
If you are running apache2.
http://solaris.bluecoara.net/servers/apache/mod_su id2_en.phtml -
Re:Is there such a thing as a reputable blacklist?
I don't think any blacklist group is worthy of such trust.
You are right. No single blacklist is worthy of making a "accept/reject" decision for your mail.
But most are somewhat trustworthy. The problem is not so much "do I accept data from this particular blacklist, yes/no", but "how trustworthy on a float scale between 0 and 1 is this particular blacklist". Once you accept shades of grey, and once you accept a multitude of spam indicators, some of which need to be scaled, you get a pretty good trust metric.
Essentially, this is what SpamAssassin does. SpamAssassin is a collection of spam indicators, and an automatically generated set of prescaled factors for these indicators. And all of them nicely integrated.
The problem with SpamAssassin is that it mixes up predelivery checks and postdelivery checks. It would be worth the effort to extract all predelivery checks from SpamAssassin (DNSBL checks, mostly), throw in Milter Sender like checks and create a predelivery milter-sender Spamasssassin which would catch most of the Spam in transit and reject it with fivehundreds.
The key concept is the introduction of shades of grey, though, instead of simple single source blacklisting. -
similar solution already available
There's something at least very similar to that already available as a milter. milter-sender does an email callback to the mx of the domain the email claims to be from and verifies that the address exists. Unlike some of the other solutions available, it doesn't expect the sender to send another mail to verify he's a genuine sender, but accepts the email if the mx doesn't fail to the "RCPT TO" command (exceptions requiring a "full callback" can be configured for mxs that only find out they don't know the recipient after the DATA command has been sent).
-
Re:Apache 2.0
Theres also no mod throttle for apache 2 so its not so suitable if you need these functions, such as limiting bandwidth per virtual host and giving custom responses when sites have used all their traffic.
Incidently if anyone knows of a good alternative that works on apache 2 can they post it. -
Re:Filters that fight back...
thanks to some of our genius legislators, potentially illegal to possess or use.
Let's spam the legislators!
Ah, so slowing down a connection could be illegal? Will mod_throttle be classified as a weapon in the near future? GREAT! Spidering sites would be even faster now!
-
milter-sender
milter-sender is a sendmail milter plugin that does similar things differently.
When you are receiving a SMTP mail, the sender claims to be somebody using a MAIL FROM statement within the SMTP dialogue. milter-sender will take the senders domain, look up the primary MX of that domain, connect to the senders mail server, and tries to deliver an error message to the sender ("MAIL FROM: ", "RCPT TO: ").
If the senders mailer says it cannot receive error messages ("550 user unknown" after the RCPT TO"), milter-sender will not accept the incoming mail for you.
milter-sender also detects dictionary scanning for mail addresses on your machine and disconnects dictionary spammers after a number of attempts.
Kristian -
mod_become
You've pretty much hit the nail on the head when it comes to correct file permissions and remote access to folders under apache.
The only way to really achieve it is to allow apache to set(e)uid to the user who you want it to be running as. I extended mod_become for our internal use here, and it works ok, but yes, you need to run apache as root to achieve this. I wouldn't want to go exposing it to the world-at-large.
-
Re:What do you want to do?
On the other hand, HTTP is great when you want to give lots of people unlimited ANONYMOUS access to something. I'm sure there is a way to throttle bandwidth, but can you do it on a class by class basis?
Sure, you can do all of that. Apache is very flexible. Try mod_throttle,
for example. -
Re:I'd LIKE a cap on my accounts.
Mod_Throttle is exactly what you need. It can be configured to limit to N kb/month, and also has a verry nice status page showing you how many hits each vhost is getting, and how much bandwidth usage they are using. Highly recommended.
-
Re:Captain! She canna take any more!Serving any page request is a constant-time operation, regardless of zoom level. (I wrote it, but if you don't believe me look at the source.)
The server is using Apache's mod_throttle to try to prevent overexcited slashdot denizens from trying to recursively fetch the whole thing. You weren't trying that by any chance?
:-)Possibly the network is slow somewhere but I doubt the machine is overloaded.
If you really want to mirror it then download the source, which is much smaller (about 100kB?) Run the image generator on your own machine and set it up according to the instructions.