We have had several denial of service incidents due to students pressing the <F5> Refresh button so many times or continuosly, which makes apache+mysql+moodle crawl under the flood of requests.
I have been unable to find a way to stop this from happening. I have tuned Apache to start fewer servers, so it has helped because now it takes only 5 min to recover (as opposed to 30 min before). This is still not acceptable because someone can sabotage an exam or quiz. Sometimes telling them not to do it just puts more fuel to the fire.
I know apache and mysql run fine, since we run another apache+mysql site (non-moodle) on the same server, and pressing <F5> continuosly to refresh that other site does not cause any problems. It handles gracefully the thousands of requests that flood the system.
I've tried with and without persistent connections to the database, but makes no difference.
We run Linux 2.4.18-11, Apache 2.0, mysql 3.23.52, PHP 4.2.2 on our server.
Does anyone have an idea what to do about this? I have thought of throttling bandwith, but my understanding is that Apache 2.0 does not support mod_throttle. Are there any other alternative solutions?
I'm curious to know if someone else has this problem as well.
Thanks!