In an attempt to keep things moderately under control on en, I've installed mod_throttle onto larousse's apache: http://www.snert.com/Software/mod_throttle/
It's still slow, but load has dropped from 20-60 range to 2ish-5ish, which is rather more comfortable: when I try to do something on the server, I don't have to wait several minutes for it to finish processing my ssh login!
The docs for mod_throttle are very vague and short on real-world examples, so this could be the worst configuration ever. I'm open to suggestions if anyone's got more of a clue than me...
[brion@larousse conf]$ cat throttle.conf <IfModule mod_throttle.c> # 'Idle' should delay connections rather than refuse them. # It's not clear how it reacts to images etc. # 5-second minimum within 60-second period? ThrottleClientIP 1024 Idle 5 60 ThrottleMaxDelay 20
# 'Document' theoretically ignores images, stylesheets, # and such. If more than the max # of requests is grabbed # within the cutoff period, you're denied with a 503 until # the time period runs out. # This isn't very elegant, but it may work...
# 10 requests per minute? #ThrottleClientIP 1024 Document 10 60
# 10 requests per minute, sustained for two minutes? #ThrottleClientIP 1024 Document 20 120 </IfModule>
Status info: http://larousse.wikipedia.org/throttle-status http://larousse.wikipedia.org/throttle-client-ip (doesn't work)
-- brion vibber (brion @ pobox.com)