/ 2005-10-27 23:59:54 +0200 \ b@rry:
As I said - it's a root server. Nothing in front but the pure internet...
Why not have a firewall in front of it? Root server or no, something that can manage the connections to the box with relatively low connection timeouts?
as mentioned before, you could try to proxy...

somewhen, Apache TimeOut directive will be able to configure initial request timeout, inter-packet timeout and total timeout independently...

until then, try attached script. quick hack in the last half hour, so beware. adjust the timeouts. consider security implications.

maybe you want to do more verbose, or near to no logging. or to feed "timed out" ips into some iptables script (after sanitizing).

feel free to reimplement in C, use select loops instead of many processes, add command line parameters to adjust the various timeouts, or just ignore it altogether.

of course, you want to change your apache to listen on the loopback only, and some different port, and change $apache_port accordingly. then change $P_port to where your apache typically listens. maybe you want to bind() more specifically, not to ANY.

run it like "perl -wT myproxy.pl > myproxy.log"

if this script breaks terribly in the real world, so what: anyways, has been a nice exercise...

cheers,
Lars Ellenberg
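
The attached Perl script is not reproduced on this page. As an added example (not Lars's script, and in Python with asyncio rather than Perl and one process per connection), this sketches the three independent timeouts the message describes and the validation of a timed-out peer address before it goes anywhere near an iptables script. Assumptions: the backend address, the timeout values, the 16 KiB head limit, one body-less request per connection, and a backend that closes the connection after replying; `handle` is meant to be passed to `asyncio.start_server`.

```python
import asyncio, ipaddress

BACKEND = ("127.0.0.1", 8080)         # assumed: Apache moved to loopback
INITIAL, GAP, TOTAL = 5.0, 2.0, 15.0  # seconds; assumed values, adjust

class SlowClient(Exception):
    """str(exc) names the timeout that fired: initial, gap or total."""

async def read_request_head(reader, initial=INITIAL, gap=GAP, total=TOTAL):
    """Read up to the blank line that ends the headers, under three timeouts."""
    loop = asyncio.get_running_loop()
    deadline, buf = loop.time() + total, b""
    while b"\r\n\r\n" not in buf:
        remaining = deadline - loop.time()
        per_read = gap if buf else initial   # first byte vs. later packets
        if remaining <= 0:
            raise SlowClient("total")
        try:
            chunk = await asyncio.wait_for(reader.read(4096), min(per_read, remaining))
        except asyncio.TimeoutError:
            name = "total" if remaining <= per_read else "gap" if buf else "initial"
            raise SlowClient(name) from None
        if not chunk or len(buf) + len(chunk) > 16384:
            raise ValueError("client closed early or request head too large")
        buf += chunk
    return buf

def sanitize_ip(peer):
    """Canonical IP text or None; only this form may reach a firewall script."""
    try:
        return str(ipaddress.ip_address(peer))
    except ValueError:
        return None

async def handle(cr, cw):  # connection callback for asyncio.start_server
    try:
        head = await read_request_head(cr)
        br, bw = await asyncio.open_connection(*BACKEND)
        bw.write(head)
        while data := await br.read(65536):   # relay reply until Apache closes
            cw.write(data)
            await cw.drain()
        bw.close()
    except SlowClient as exc:
        print("timed out", exc, sanitize_ip(cw.get_extra_info("peername")[0]), flush=True)
    except (OSError, ValueError):
        pass  # reset, backend down, early close or oversized head: drop client
    finally:
        cw.close()
```

The backend only ever sees a connection once a complete request head has arrived, so clients that stall or trickle bytes occupy a cheap coroutine rather than an Apache worker.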