Hello,

I have a funny problem - I administer a fairly small server which can go crazy when people try to do something very abusive (like downloading all files from one domain through a 10 mbps line, 30+ concurrent connections from one IP, this happened yesterday).

I want to prevent that through mod_evasive. Unfortunately, I also use Apache to serve svn repository, with webdav. The problem is, mod_evasive blocks any repository checkout as DoS attack, and it cannot run only for one virtual host (or be disabled for a single vhost).

So far, I know about three solutions:
1) Run svn via Apache 1 or svnserver - not possible, clients are authenticated against a custom database.

2) Do some magic port forwarding - so that I can whitelist server IP, and forward requests for svn on port to another port on the server to listening Apache, but make it look like that the request is coming from server IP. I tried, and I'm still trying playing with iptables and snat, but so far, I haven't been successful.

3) Use other Apache module? Create iptables script to block "DoS" (read things like FasterFox, web downloaders)? Any other suggestions?

I have to take some action, during normal operations, there are about 20 running Apache childs on my server at maximum, and yesterday, just single idiot succeeded in running another thirty or forty (= full swap, load > 20.0, unresponsive server etc.)