To clarify, I do not wish to limit the number of simultaneous connections, nor do I want to limit the number of HTTP requests. I only want to limit the number of NEW connections per IP.
I want to do this because most web crawlers do not have keep-alive functionality and thus they open a new connection for every request.
I vaguely remember reading about a mod that could do this, but I can't remember the name. Hopefully, someone here can help me out.
Best Answer
I wouldn't do it in Apache. I'd do it at the network layer with iptables.
Change 86400 to the number of seconds you want to keep the block for (86400 is 1 day), and 100 is the hit count: how many you're prepared to allow per IP.
You can also change -j REJECT to -j DROP, which defines the packet behaviour when the condition is met. DROP seamlessly drops packets, and REJECT returns a "port unreachable" or similar error.
That said, there was a mod_throttle that would do something similar, but I can't seem to find much information about it. I think it feels neater to do this kind of thing at the network/kernel level, rather than in Apache. Apache is good at serving requests. Let it do what it does best, and don't burden it with having to track connections too.
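One way to write the rule pair the answer describes, using iptables' recent match with its 86400-second window and hit count of 100. This is an added example, not the answerer's original commands; the INPUT chain, port 80, the list name newconn and the function name are assumptions. It prints the commands for review instead of applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that cap NEW TCP
# connections per source IP. Chain INPUT and list name "newconn" are assumed.

# iptables-extensions(8) documents the xt_recent module option
# ip_pkt_list_tot=20 (max 255): a --hitcount above the loaded value is refused.
RECENT_DEFAULT_TOT=20
RECENT_MAX_TOT=255

# usage: new_conn_limit_rules PORT SECONDS HITCOUNT [REJECT|DROP]
new_conn_limit_rules() {
    port=$1 seconds=$2 hitcount=$3 action=${4:-REJECT}

    for n in "$port" "$seconds" "$hitcount"; do
        case "$n" in
            ''|*[!0-9]*) echo "port, seconds and hitcount must be integers" >&2
                         return 2 ;;
        esac
    done
    case "$action" in
        REJECT|DROP) ;;
        *) echo "action must be REJECT or DROP" >&2; return 2 ;;
    esac
    if [ "$hitcount" -lt 1 ] || [ "$hitcount" -gt "$RECENT_MAX_TOT" ]; then
        echo "hitcount must be between 1 and $RECENT_MAX_TOT" >&2
        return 2
    fi
    if [ "$hitcount" -gt "$RECENT_DEFAULT_TOT" ]; then
        # The option is read when xt_recent loads; it has no effect on a
        # module that is already loaded.
        echo "modprobe xt_recent ip_pkt_list_tot=$hitcount"
    fi

    match="-p tcp --dport $port -m conntrack --ctstate NEW -m recent --name newconn"
    # Checked first: a source that already has HITCOUNT new connections
    # recorded within SECONDS gets the action, so exactly HITCOUNT pass.
    echo "iptables -A INPUT $match --update --seconds $seconds --hitcount $hitcount -j $action"
    # Otherwise the new connection is recorded and continues down the chain.
    echo "iptables -A INPUT $match --set"
}

# The values from the answer: block for one day after 100 new connections.
new_conn_limit_rules 80 86400 100
```

Because the first rule uses --update, every blocked attempt refreshes the source's timestamp, so the block lasts until the source has been quiet for the full window.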