Monday, November 28, 2011

How to limit connections per user IP in Apache 2.2 on CentOS

If you are a system admin or a webmaster, you will face this question at some point: how do I limit connections per user IP in Apache 2.2? Most visitors use the site normally, requesting one or two pages at a time. But there are a few malicious users who want to cause grief to you and your server by overloading it with requests. To handle such users, you need the mod_limitipconn module. This module keeps a check on the number of connections a single IP can make simultaneously, and it has configurable options that let you tune it. So, to the point: how do I install this on my server?
I am outlining the steps for my server, i.e. CentOS 5.2 with Apache 2.2.
  • wget
  • rpm -i mod_limitipconn-0.23-4.el5.x86_64.rpm
  • vi /etc/http/modules/ipconn.conf
    Add the following to ipconn.conf:
    # The LimitIPConn module limits the number of connections to Apache
    # per IP address. This helps limit simultaneous downloads and helps
    # prevent slow users from blocking your servers.

    LoadModule limitipconn_module modules/
  • Make sure 'ExtendedStatus' is On in /etc/httpd/conf/httpd.conf
  • You will have to configure the module in each virtual host where you need to enforce the per-IP limit.

    <Location /somewhere>
        # /somewhere is a placeholder path; use the path you want to limit
        MaxConnPerIP 3
        # exempting images from the connection limit is often a good
        # idea if your web page has lots of inline images, since these
        # pages often generate a flurry of concurrent image requests
        NoIPLimit image/*
    </Location>

    <Location /mp3>
        # /mp3 is a placeholder path
        MaxConnPerIP 1
        # In this case, all MIME types other than audio/mpeg and video*
        # are exempt from the limit check
        OnlyIPLimit audio/mpeg video
    </Location>

  • Save the config file and test the new configuration with "/etc/init.d/httpd configtest". If you get "Syntax OK", then all you need to do is restart the server and you are good to go.
This is a brief guide on how I got mod_limitipconn working on my server.
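
Before settling on a MaxConnPerIP value, it helps to know which clients would have been rejected by it. The following is an added example, not part of the original post or of mod_limitipconn: it estimates peak simultaneous requests per IP from an access log, assuming a custom LogFormat of "%h %t %D %{Content-Type}o" and treating NoIPLimit as a simple prefix match; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed LogFormat (not from the post): "%h %t %D %{Content-Type}o"
# %t = time the request was received, %D = time taken in microseconds.
LINE = re.compile(r'^(\S+) \[([^\]]+)\] (\d+) (\S+)')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 [28/Nov/2011:10:00:00 +0000] 4000000 video/mp4
192.0.2.10 [28/Nov/2011:10:00:01 +0000] 4000000 video/mp4
192.0.2.10 [28/Nov/2011:10:00:02 +0000] 4000000 audio/mpeg
192.0.2.10 [28/Nov/2011:10:00:03 +0000] 4000000 video/mp4
192.0.2.10 [28/Nov/2011:10:00:03 +0000] 500000 image/png
198.51.100.7 [28/Nov/2011:10:00:00 +0000] 300000 text/html
198.51.100.7 [28/Nov/2011:10:00:00 +0000] 200000 image/png
198.51.100.7 [28/Nov/2011:10:00:00 +0000] 200000 image/gif
198.51.100.7 [28/Nov/2011:10:00:05 +0000] 300000 text/html
garbage line
"""

def peak_concurrency(log_text, no_limit=("image/",)):
    """Return {ip: peak simultaneous requests}, skipping exempt MIME types."""
    # Approximates "NoIPLimit image/*" as a case-insensitive prefix match.
    exempt = tuple(p.lower() for p in no_limit)
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, ts, usec, ctype = m.groups()
        if ctype.lower().startswith(exempt):
            continue
        start = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        events[ip].append((start, 1))
        events[ip].append((start + timedelta(microseconds=int(usec)), -1))
    peaks = {}
    for ip, evs in events.items():
        cur = peak = 0
        for _, delta in sorted(evs):  # at equal times, ends sort before starts
            cur += delta
            peak = max(peak, cur)
        peaks[ip] = peak
    return peaks

def over_limit(log_text, max_conn_per_ip=3, no_limit=("image/",)):
    peaks = peak_concurrency(log_text, no_limit)
    return sorted(ip for ip, p in peaks.items() if p > max_conn_per_ip)
```

Log timestamps have one-second resolution and the module counts live connections rather than logged requests, so treat the result as an estimate when choosing the limit.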