Suggested Mod - send expires headers

  • Paul Yeager

    Paul Yeager - 2010-12-03

    We started using mod_evasive on our Apache Servers to mitigate DDOS attacks.
    This works fine, except for awstats. It seems that the high number of image
    fetches on some pages trigger mod_evasive's limits on fetches of a single item
    and/or total fetches from the site.

    Expires headers with far-future expirations greatly reduce the number of image
    fetches, and solve the problem of using mod_evasive with awstats.
    Unfortunately, because of the way that awstats serves images (via index.php),
    it is difficult to apply expires headers just to image files.

    A simple mod to awstats-config.php causes .png files to be served with an
    expires header with a date one year in the future:

                    else //if it is a png, output appropriate header
                      header("Content-type: image/png");
                      // paul's mod starts here
                      $extime = time() + 31536000;  // one year in the future
                      $exstr = gmdate( "D, j M Y H:i:s GMT", $extime );
                      header("Expires: $exstr" );
                      // end of paul's mod
                    //output the file
                    echo $file;
  • Paul Yeager

    Paul Yeager - 2010-12-03

    Yes... I tried to find a set of parameters for mod_evasive that would allow
    awstats to work. However, if you make them too generous, then there's no point
    in running mod_evasive.

    Loads of some awstats pages result in over 60 http requests. The mod described
    above reduces that to about half a dozen.


Log in to post a comment.