Tuesday, December 12, 2006

Limiting apache connections per IP

There are many cases, where on a shared hosting environment, one of the sites may be getting slashdotted or dugg for various reasons. That is where mod_limitipconn comes to help. There are many such modules available. This situation arised on apache 1.3 server for me, and so the patch is meant for 1.3 server only.

Installation
~~~~~~~~~~~~~~~~~

wget http://dominia.org/djao/limit/mod_limitipconn-0.04.tar.gz
wget ftp://ftp.opennet.ru/pub/web/modules/limits/mod_limitipconn-0.04-vhost.patch
tar xvzf mod_limitipconn-0.04.tar.gz
cd mod_limitipconn-0.04/
patch -p1 < ../mod_limitipconn-0.04-vhost.patch

This was a cPanel server and apache root was at /usr/local/apache. So used the following commands

/usr/local/apache/bin/apxs -c mod_limitipconn.c
/usr/local/apache/bin/apxs -i -a -n limitipconn mod_limitipconn.so

The above two commands, should have made a backup copy of your existing httpd.conf and added two new lines,

LoadModule limitipconn_module libexec/mod_limitipconn.so
AddModule mod_limitipconn.c

The apxs command need not be issued, you can simple edit the Makefile and change the first line which says,

APXS = apxs
to
APXS = /usr/local/apache/bin/apxs

and then run the normal make and make install thing.

Configuration
~~~~~~~~~~~~~

For the Vhost you have to limit, say, you want to limit access to http://www.example.com/gallery/ (which may be having lots of controversial pics) use this inside it's virtual host section, like


<Location /gallery>
        MaxConnPerUid 25
        MaxConnPerIP 2
</Location>

What it essentially means 25 connections to gallery and each can access or view two images at a time. There are more directives for limitconnip module which you can find from the code. After the addition the Vhost section may look like below,

<Virtualhost 192.168.1.102>
ServerAlias example.com
ServerAdmin webmaster@example.com
DocumentRoot /home/example/public_html
BytesLog domlogs/example.com-bytes_log
ServerName www.example.com

<IfModule mod_limitipconn.c>
        <Location /gallery>
        MaxConnPerUid 25
        MaxConnPerIP 2
        </Location>
</IfModule>

User example
Group example
CustomLog /usr/local/apache/domlogs/example.com combined
ScriptAlias /cgi-bin/ /home/example/public_html/cgi-bin/
</VirtualHost>

Other options to check are mod_vhost_limit , mod_throttle , mod_bandwidth, mod_curb and mod_cband. There may be few more such bandwidth throttling modules available. If you find better ones, do suggest. I will be interested in learning them.

Posted by HJKL a.k.a h2l at 4:44 AM

Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)