[conspire] Apache2 bandwidth limiting: fixing 1105 Altschul's connectivity

Rick Moen rick at linuxmafia.com
Wed Jan 11 14:17:39 PST 2012

Quoting Sean (sean.channel at pacbell.net):

> just a scant $0.02:
> http://www.cyberciti.biz/tips/howto-prevent-image-hotlinking-leeching-direct-linking.html

Yes, that sort of thing's been around for decades.  It's also pretty
trivial to defeat.  (I'd also be more likely to do something playful
like serve up hotlinked images upside-down using ImageMagick.)

I personally just tend to gzip files I'd rather people not hotlink to.
It works well, and good Web browsers gunzip files into RAM
transparently.  If that ends up being passively unfriendly to MSIE
users, then I guess it sucks to be them.

> I found it very painless and rewarding to switch from Apache to
> Lighttpd, YMMV, and this page includes a link to do the same thing with
> Apache, though I'm sort of promoting Lighttpd here, FWIW.

I know, use, and like Lighty.  However, I use Apache2-specific features
extensively enough that switching would take major work and possibly
take down some site functions.

> OTOH, I once briefly had the inclination to crawl linuxmafia's knowledge
> base myself just to have a local copy (an idea I quickliy got over), so
> perhaps a prefab tarball to actually allow such a download might eschew
> such crawlers if that be their intent.  

Not really very practical, since by design many of the linked entries are

> It is a neat little KB, after all.

Thanks, Sean.  We aim to please (though Mark Twain warns that the
editorial 'we' is best reserved to kings, editors, and people with the

Following up on my prior post:

> > The 'Bandwidth all 250000' line limits total Apache2 bandwidth to
> > 250kB/s.

Reducing that to 100kB/s still leaves the site quite available and
sprightly.  I aim at high availability, but am just as happy if people
seeking extremely high speeds and large numbers of huge files get
frustrated and go elsewhere.

Along those lines, I have also introduced similar throttling to the
vsftpd and rsyncd configurations.

My likely next step is to do some kernel work using QoS / tc, as
described in http://lartc.org/ .  There are some 'cookbook' suggestions
specifically for aDSL setups, e.g.,

More information about the conspire mailing list