Set a limit for web downloads

[Jack Stone]

Using FBSD-7.4 and Apache22

We have a protected (login) vhost web site requiring a paid subscription. It contains valuable intellectual material and is highly desired around the globe (we're in 218 countries).

Over the years, numerous attempts have been made to mass download the entire site when in fact they are supposed to read a single document of interest and can even download it for personal use only. We have used every tool we could find to foil such attempts and such has helped greatly but still not 100% foolproof.

We can set traps and snag known mass downloaders and abort such sessions. But that list just keeps on growing.

We put most of those tools in the htaccess file specifically designed for that site. Our login system can set the times a specific IP can login within a certain time and that is set to twice in 24 hours. Since most folks are honest, we don't want to punish them unfairly, so we need to focus a tool on offenders.

I've looked for some way to set off alerts when a user exceeds a certain download limit, but no dice. Plenty of ways to limit UPloads but not downloads. I've looked at all the htacces tips and nothing there, nor does apache22 contain such a trigger that I can find and limit it to just that vhost.

Maybe I've missed something in my search. I've also thought about looking for some script that can be triggered to stop an offending session.

I hope the above is stated clearly and if anyone knows of some useful trick, I'd sure appreciate being pointed toward it.
 
(^-^) 
Best regards, 
Jack L. Stone