I have installed mod_throttle on my server.
But I don't realize why there is a "reset all" link located
in throttle-status web page. Does that mean anybody who visit
throttle-status web page can press that link and I will lose
all my mod_throttle data ?

Can I disable that "reset all" link. Or can I password protect
throttle-status from other visitors ?

I don't know if you can password protect it or not, maybe someone can reply to that. However, I know you can change the name of the directory to something that only you know. ;)

I was wondering the same thing..

The throttle-status display is intended for the system administrator
ONLY. Clients should use the throttle-me display for their domain name,
which does not have these special links.

You can password protect the throttle-status handler using Apache's
Auth* directives (those that you would use in a .htaccess file); just
place them in the <location /throttle-status> and/or <location
/throttle-me> blocks. Also you can nest <location> and/or <directory>
blocks within <virtualhost> blocks if you want to limit access to
specific domains.

The config. I give in manual is the simplest of them. Apache is very
flexibable, so the combinations and nesting of <location> and
<directory> blocks with the global server or <virtualhost> leaves _alot_
of possibilities.

Anthony Howe


Can anyone tell me is this OK to password protect throttle-status ?

<Location /throttle-status>
SetHandler throttle-status
AuthType Basic
AuthName Throttle
AuthPAM_Enabled on
require user john
</Location>

(john is siteadmin of main site)

This would not cause problems as far as I can see.