Opened 17 years ago
Closed 6 months ago
#216 closed task (invalid)
Fighting Bandwidth Accelerators
Reported by: | warmerdam | Owned by: | warmerdam |
---|---|---|---|
Priority: | normal | Milestone: | Sysadmin Contract 2024-II |
Component: | SysAdmin | Keywords: | |
Cc: | grass-dev@… |
Description
It would be helpful to have a strategy to limit bandwidth accelerators. That is, situations where one IP open many connections, often on the same file - in an apparent attempt to download it quickly. In some cases this seems to be misconfigured and result in repeated downloads, and in other cases it just ties up a lot of server slots, potentially denying other users service.
One suggestion has been to use mod_cband to limit bandwidth, but this doesn't really stop multiple connections at once, and might limit legitimate high bandwidth use. A also, the mod_cband site (http://cband.linux.pl) does not seem to be available.
Another promising looking option is mod_limitipconn:
Change History (9)
comment:1 by , 17 years ago
Owner: | changed from | to
---|
comment:2 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
I have built and installed mod_limitipconn2 from source.
I changed the download configuration to:
<Directory "/osgeo/download"> Options FollowSymLinks Indexes MaxConnPerIP 3 </Directory>
A brief test indicates that the 4th simultaneous request from a single IP will receive a 503 (service temporarily unavailable) response.
Mission accomplished!
comment:3 by , 16 years ago
I have put the same thing into place on xblade 14-2 (aka www.gdal.org, upload.osgeo.org, grass.osgeo.org, etc) but I attached the MaxConnPerIP 3 to <Directory "/"> in /etc/httpd/conf/httpd.conf which seems to have applied it to all the virtual hosts on the machine.
comment:4 by , 16 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
The settings are too limited. I cannot even pen a single page with several screenshots on it, see for example:
http://grass.osgeo.org/screenshots/gui.php
This is a showstopper for us... Please give us more bandwidth.
thanks Markus
comment:5 by , 16 years ago
Cc: | added |
---|
comment:6 by , 16 years ago
I have added an exception for GRASS on that server and especially enabled images to not be blocked:
( [root@xblade14-2 conf]# vim /etc/init.d/httpd )
# docs: http://dominia.org/djao/limitipconn2-README # grant more to GRASS to not block screenshot pages: <Directory "/osgeo/grass/rsync"> Options FollowSymLinks Indexes MaxConnPerIP 12 # exempting images from the connection limit is often a good # idea if your web page has lots of inline images, since these # pages often generate a flurry of concurrent image requests NoIPLimit images/* screenshots/* </Directory>
Seems to help.
Markus
comment:7 by , 16 years ago
Hi,
FWIW I was seeing this even though I have not done anything so rude as to bump up the max connection per ip in my browser. I think that simply "3" is too agressive.
hmm. In Debian/stable's Firefox 2.0 if you go to "about:config" and filter on connection you will see:
network.http.max-connections-per-server default int 8 network.http.max-persistent-connections-per-proxy default int 4 network.http.max-persistent-connections-per-server default int 2
same values in the epiphany browser.
Markus:
Seems to help.
same here.
thanks, Hamish
comment:8 by , 7 years ago
Modern browsers and download agents utilize far more connections than they did when this bug was opened. If connection limits are really necessary, they should be set to at the very least 8, but preferably eliminated entirely and serious abuse handled at the network layer. If it's specifically downloads of large files that is causing concern, limits should be imposed only with that specific scope and/or a better means for handling very large files should be identified and implemented.
comment:9 by , 6 months ago
Milestone: | → Sysadmin Contract 2024-II |
---|---|
Resolution: | → invalid |
Status: | reopened → closed |
MaxConnPerIP
No longer been used in download.
Based on the previous comment, I will mark it as invalid. (was a valid issue before, but not anymore)
I'm going to pursue limitipconn2 on download.osgeo.org.