I have a custom HTTP server.

When F5 is held down in a browser the server gets slammed with requests.

How can I detect and limit these (or any other) invalid connections?

It seems that I would have to record, for each incoming IP, the length of time between each request and whether or not the request was valid. If a certain number of invalid requests are received in a certain period of time, I would simply disconnect (or ban) all further connections coming from that IP for a certain period of time.

Does anyone have any articles, pointers or tips on this subject?

+1  A: 

I'd be careful about throttling your server based on IP address - some large corporations proxy all of their HTTP traffic through a single IP address (or small range of IP addresses) so what may appear as an "attack" from a single IP address could actually be many different people behind the same firewall or proxy.

Marc Novakowski
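
A sketch of the per-IP scheme the question describes, with the answer's shared-IP caveat handled by a short ban and a looser threshold for known proxy addresses. This is an added example, not code from either poster; the class name, the thresholds and the `shared_ips` list are assumptions.

```python
import time
from collections import defaultdict, deque


class InvalidRequestLimiter:
    """Ban a client IP after too many invalid requests inside a sliding window."""

    def __init__(self, max_invalid=20, window=10.0, ban_seconds=60.0,
                 shared_ips=(), shared_factor=10):
        self.max_invalid = max_invalid      # invalid requests tolerated per window
        self.window = window                # sliding window length, seconds
        self.ban_seconds = ban_seconds      # keep bans short so shared IPs recover
        self.shared_ips = set(shared_ips)   # known proxies/NAT gateways (assumed list)
        self.shared_factor = shared_factor  # looser threshold for those addresses
        self._invalid = defaultdict(deque)  # ip -> timestamps of invalid requests
        self._banned_until = {}             # ip -> time at which the ban expires

    def is_banned(self, ip, now=None):
        now = time.monotonic() if now is None else now
        until = self._banned_until.get(ip)
        if until is None:
            return False
        if now >= until:                    # ban expired: forget it
            del self._banned_until[ip]
            return False
        return True

    def record(self, ip, valid, now=None):
        """Call once per request; False means drop the connection."""
        now = time.monotonic() if now is None else now
        if self.is_banned(ip, now):
            return False
        if valid:
            return True
        stamps = self._invalid[ip]
        stamps.append(now)
        while stamps and now - stamps[0] > self.window:  # discard entries outside window
            stamps.popleft()
        factor = self.shared_factor if ip in self.shared_ips else 1
        if len(stamps) > self.max_invalid * factor:
            self._banned_until[ip] = now + self.ban_seconds
            stamps.clear()
            return False
        return True
```

Pass `now` explicitly only in tests; in the server, call `record(ip, valid)` once per request and close the socket when it returns `False`.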