Firewall (iptables) rule to limit Apache connections
Dave Johnson
dave-gnhlug-list at davej.org
Wed May 19 08:42:25 EDT 2010
Greg Rundlett (freephile) writes:
> I'm running Apache on a RedHat ES 4 with a 2.6.9 kernel.
>
> Occasionally we'll get a bunch of web requests from a single source (example
> user agent of HTTrack or Opera or IE5 will all give a user the ability to
> make a huge number of web requests). This ties up our Apache server as all
> available workers are sending responses (and might be waiting on the
> client-side connection speed as well). "Ties up" as in DoS -- nobody else
> can get to the website.
>
I use mod_limitipconn, which does exactly that: it limits connections based
on source IP. You can also restrict based on URL or content type.
ex:
<Location />
    MaxConnPerIP 2
    # In this case, all MIME types other than audio/mpeg and video
    # are exempt from the limit check
    OnlyIPLimit audio/mpeg video
</Location>
--
Dave
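
Added example, not part of the original post: a shell check that counts established connections per client IP from `netstat -ant` output, as a rough guide to which sources would exceed a per-IP limit such as the MaxConnPerIP value above. The function names `over_limit` and `sample_netstat` are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# over_limit LIMIT [PORT]: read `netstat -ant` output on stdin and print
# "count ip" for every remote IP holding more than LIMIT established
# connections to local PORT (default 80), busiest first.
over_limit() {
    limit=$1
    port=${2:-80}
    awk -v limit="$limit" -v port="$port" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($4, l, ":")            # $4 = local address:port
            if (l[n] != port) next
            m = split($5, r, ":")            # $5 = remote address:port
            ip = r[1]                        # rejoin all but the port so
            for (i = 2; i < m; i++)          # ::ffff:a.b.c.d stays intact
                ip = ip ":" r[i]
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip], ip
        }' | sort -rn
}

# Constructed sample (documentation address ranges), not real traffic.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40115      ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:33001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:33002       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:41000       TIME_WAIT
tcp        0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.20:5000 ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.20:5001 ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.20:5002 ESTABLISHED
EOF
}

# On a live server: netstat -ant | over_limit 2
sample_netstat | over_limit 2
```

Only ESTABLISHED sockets on the web port are counted, so the SSH session and the TIME_WAIT entry in the sample do not contribute to any total.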