Hello everyone!
I am trying to fight download managers for quite a long time but without big success. Let me explain.
I have a site serving large files (approx 400mb each). It is located in shared hosting environment and have quite a big xfer bandwith so it's not a problem in general.
The problem is abusers with download accelerators sending 100-120 requests simultaneously and making server go crazy and hang up finally.
Just one note - I cannot make a PHP download script, since it hangs for a long time and gets killed by process monitor at this shared environment. This process monitor supposes it's a non-friendly php.cgi process and kills it. So the only way is to link directly to a file so it is served by Apache.
There are several things I tried to do:
1) Use mod_rewrite to block bad HTTP_USER_AGENTS. A little help, since most of these abusers nowadays mask as real browsers. Forgot about it.
2) Limit number of simultaneous connections to 1-2 per IP: unforuntately mod_limitipconn cannot be installed in this environment. Forgot about it.
3) Was trying to figure out if it is possible to block HTTP 206 requests (partial data) without modifying Apache (for example via RewriteCond %{HTTP_REQUEST)). It seems it's not possible, or is it?? Anyone can help here??
4) Created a small php script (which can be included in the top of any other php script) that keeps track of recent requests and if someone requesting too often (e.g. once every 3 seconds) blocks the abuser by not proceeding further and issue some "Warning". Unfortunately I cannot link this script to a file i am serving, since it becomes a download script again, however as i said the only way is to link to a binary file directly.
What I though is that maybe there is a way to do a tricky thing with mod_rewrite and still have this small protection script ran before sending a large file to a user but keeping it transparent? E.g. request goes to /downloads/largefile.zip however it's a PHP file which first does some checking and then if it's allright redirects to an actual file but without changing the filename for a browser??
Any advice appreciated!
Thanks,
Nick