I would like to set a maximum limit for the number of connections that can be made to Apache from a single external IP address.
What would be the best way to achieve this?
Thanks
apache-2.2
Best Answer
I believe that mod_qos is probably going to be the answer to your prayers. I can't provide any specific configuration or recommendations, because I've never actually used it, but it comes with all the knobs you're likely to need.

More generally, iptables is more than capable of handling this sort of thing itself, and it's a far better solution (do networky stuff at the networky level). This is especially true if you want to deal with other protocols as well as HTTP, or only want to apply the limits to a subset of connections.

The iptables command you want is something like

This will limit incoming connections to 5 per second.
Note, however, that connection limiting can be a real pain for legitimate users who just happen to be heavy users of the site, and it'll only slow down attackers that really aren't a concern anyway. Use with caution.
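
The two per-address limits discussed in this thread, a cap on concurrent connections and a cap on the rate of new connections, written as an added example that is not the answerer's own command. Port 80, the thresholds and the helper function names are assumptions; the rules use the standard iptables `connlimit` and `hashlimit` matches and cover IPv4 only.

```shell
#!/bin/sh
# Added example: per-source limits for an HTTP listener. Port and thresholds
# are assumed values. Prints the rules; run as root with APPLY=1 to install.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

valid_port() { is_uint "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }

# Cap concurrent connections per source address, which is what the question
# asks for. connlimit counts tracked connections; mask 32 = one IPv4 address.
limit_concurrent() {    # usage: limit_concurrent PORT MAX_CONNS
    if ! valid_port "$1" || ! is_uint "$2" || [ "$2" -lt 1 ]; then
        echo "usage: limit_concurrent PORT MAX_CONNS" >&2
        return 2
    fi
    run iptables -A INPUT -p tcp --syn --dport "$1" \
        -m connlimit --connlimit-above "$2" --connlimit-mask 32 \
        -j REJECT --reject-with tcp-reset
}

# Cap the rate of new connections per source address. hashlimit keeps one
# token bucket per source IP, so one busy client does not use up a shared limit.
limit_new_rate() {      # usage: limit_new_rate PORT PER_SECOND BURST
    if ! valid_port "$1" || ! is_uint "$2" || ! is_uint "$3" \
        || [ "$2" -lt 1 ] || [ "$3" -lt 1 ]; then
        echo "usage: limit_new_rate PORT PER_SECOND BURST" >&2
        return 2
    fi
    run iptables -A INPUT -p tcp --syn --dport "$1" \
        -m hashlimit --hashlimit-name "http$1" --hashlimit-mode srcip \
        --hashlimit-above "$2/second" --hashlimit-burst "$3" \
        -j DROP
}

limit_concurrent 80 20     # at most 20 open connections per address
limit_new_rate 80 5 10     # at most 5 new connections/s per address, burst 10
```

Clients behind a shared NAT or proxy count as one address, so thresholds need headroom for those users.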