I am not sure if this should be done via iptables or apache. But supposing I have one ip address that just shoots my bandwidth up by sucking large files or something, can I put an artificial "cap" on such a person after he uses something like 10 megs in a minute or some threshold I set? If I tag this IP as abusive then I could throttle him down to 100KB/S or something using an artificial capping. This would be on a proxy site btw where my bandwidth is metered. Any suggestions?
To block him, just add -A INPUT -s xxx.xxx.xxx.xxx -j DROP at the BEGINNING of your iptables configuration and run iptables-restore. Run iptables -L -v -n to see where in the chain he is going to get dropped. You can add port 80 (or whatever port you're using) to the above to do this on a specific port only. You can also add "quota" rules to this, but I think it only applies to the number of "new" connections within a specific interval. I don't remember any rules that would throttle the bandwidth; maybe there are some as additional modules to iptables. In any case you'll need full root access to make such a change. I would not recommend you do it yourself if you are not familiar with iptables and the way the rules are set up and executed. If you have an IP KVM to the machine, you can try it, but always keep a "good" version of the iptables configuration handy, just in case you need to restore it.
I know how to block in iptables; I just add that IP through the Webmin firewall GUI. What I want is to automatically block or "throttle" new IPs that come in and start leeching too much at the expense of the rest of the clients. So I need to throttle more than ban IPs. I know Apache has something like mod_throttle or some such, but I would prefer to do this via iptables or Shorewall if possible.
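The per-IP throttling asked for in the last post can be done with the iptables "hashlimit" match rather than a blanket DROP like the one suggested in the reply above. The script below is an added example written for this thread, not code from either poster: it generates (and, with --apply, installs) one rule that caps new connections per client address and one that caps the byte rate sent back to each client, which is the direction that actually costs bandwidth when someone pulls large files. The port, the thresholds, the chain name, the backup path and the assumption that the installed iptables and kernel accept byte-based hashlimit rates (iptables 1.4.18 or newer; confirm with "iptables -m hashlimit --help") are all constructed for the example.

```shell
#!/bin/sh
# Added example (not the thread's code): per-client rate limiting for a proxy
# using the iptables "hashlimit" match. Two limits are applied:
#   * new connections per source IP (INPUT side, keyed on srcip)
#   * bytes sent back to one client (OUTPUT side, keyed on dstip)
# Assumptions, all constructed for this example: the port, the thresholds,
# the backup directory, and that iptables/kernel accept byte-based rates
# (iptables >= 1.4.18; check with `iptables -m hashlimit --help`).
PROXY_PORT="${PROXY_PORT:-80}"      # TCP port the proxy listens on
NEW_PER_MIN="${NEW_PER_MIN:-60}"    # new connections allowed per client per minute
OUT_RATE="${OUT_RATE:-100kb/s}"     # bytes/s allowed to one client before drops start
OUT_BURST="${OUT_BURST:-2mb}"       # bytes a client may exceed the rate by (burst)
BACKUP_DIR="${BACKUP_DIR:-/root}"   # where the pre-change ruleset is saved

# Print the rules for review instead of applying them blindly. $1 is a short
# prefix for the chain and hashlimit table names (keep it under 10 characters;
# hashlimit table names are limited in length).
throttle_rules() {
    c="$1"
    printf '%s\n' "-N ${c}_IN"
    printf '%s\n' "-N ${c}_OUT"
    # A burst of new connections from one address is the first sign of a leecher.
    printf '%s\n' "-A ${c}_IN -p tcp --dport $PROXY_PORT -m conntrack --ctstate NEW -m hashlimit --hashlimit-name ${c}_new --hashlimit-mode srcip --hashlimit-above $NEW_PER_MIN/minute --hashlimit-burst 20 -j DROP"
    printf '%s\n' "-A ${c}_IN -j RETURN"
    # Dropping packets above the byte rate makes the client's TCP back off,
    # which throttles it instead of banning it outright. The table entry for a
    # client expires 60 s after it goes quiet, so the cap lifts on its own.
    printf '%s\n' "-A ${c}_OUT -p tcp --sport $PROXY_PORT -m hashlimit --hashlimit-name ${c}_bytes --hashlimit-mode dstip --hashlimit-above $OUT_RATE --hashlimit-burst $OUT_BURST --hashlimit-htable-expire 60000 -j DROP"
    printf '%s\n' "-A ${c}_OUT -j RETURN"
    # Hook the chains in at position 1 so they run before any ACCEPT rule.
    printf '%s\n' "-I INPUT 1 -p tcp --dport $PROXY_PORT -j ${c}_IN"
    printf '%s\n' "-I OUTPUT 1 -p tcp --sport $PROXY_PORT -j ${c}_OUT"
}

# Apply the generated rules (needs root). A known-good ruleset is saved first
# so it can be restored with iptables-restore if something goes wrong.
throttle_apply() {
    iptables-save > "$BACKUP_DIR/iptables.before-throttle.$(date +%s)"
    throttle_rules "$1" | while IFS= read -r rule; do
        # shellcheck disable=SC2086
        iptables $rule   # word splitting of $rule is intended here
    done
}

# Show per-rule packet/byte counters, plus the live hashlimit table listing
# which clients are currently being tracked and at what rate.
throttle_check() {
    iptables -L "${1}_IN" -v -n
    iptables -L "${1}_OUT" -v -n
    cat "/proc/net/ipt_hashlimit/${1}_bytes" 2>/dev/null
}

case "${1:-}" in
    --apply) throttle_apply "${2:-THROTTLE}" ;;
    --check) throttle_check "${2:-THROTTLE}" ;;
    *)       throttle_rules "${2:-THROTTLE}" ;;   # default: dry run, print only
esac
```

Run it with no arguments to review the rules, with --apply to install them, and with --check to watch the counters and the tracked clients; if the cap is wrong, restore the saved file with iptables-restore. Byte-rate dropping throttles by forcing TCP retransmits rather than shaping outbound traffic, so for a precise bandwidth ceiling per client the usual next step is to replace the DROP with a MARK and let tc shape on that mark.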