Setup:
We are running pressflow behind a varnish proxy on two separate VMs all in a RH LAMP environment. We host internally so we have full control over the environment but just lack the expertise to fine tune this.
Issue:
Over the past two weeks we have seen traffic from questionable IPs that, based on the URLs that they hit, we causing extremely high CPU spikes; some as high as 12 but an average of 6-7. The only way we have been able to deal with this was to block the IPs and then the CPU goes down to <1.0. The URLs that were hit were items that are not cached, such as, calendar entries and the print & email features on various pages.
I read about mod_evasive as possible way to throttle the number of hits/connections from a single IP, but that isn't for apache 2.2.
Anyone have some pointers or a direction for us to go for this?
Thanks in advance!