Hire a web Developer and Designer to upgrade and boost your online presence with cutting edge Technologies

Monday, November 28, 2011

How to limit connections per User IP in Apache 2.2 CentOs

If you are a system admin or a webmaster, you will face this question at some point of time. How do I limit connections per user ip in Apache 2.2? Generally, you get good users visiting your site who use the site normally requesting one or two page at a time. But then there are a few malicious user who would want cause grief to you and your server by overloading the server with requests. To handle such malicious user, you need the mod_limitipconn module. This module keeps check on the number of connections a single ip can make simultaneously. There are configurable options that help you tune this module. So, now to the point.. How do I install this on my server?
I am outlining the steps for my server, ie. CentOs 5.2 with Apache 2.2
  • wget http://dl.atrpms.net/all/mod_limitipconn-0.23-4.el5.x86_64.rpm
  • rpm -i mod_limitipconn-0.23-4.el5.x86_64.rpm
  • vi /etc/http/modules/ipconn.conf
    Add following to the content of ipconn.conf
    # LimitIPConn module limits the number of connection to apache
    # per IP address. This helps in limiting the simultaneous downloads and will help
    # prevent slow users from blocking your servers.
    #

    LoadModule limitipconn_module modules/mod_limitipconn.so
  • Make sure ‘ExtendedStatus‘ is ON in /etc/httpd/conf/httpd.conf
  • You will have to configure the module for each of your virtual host that you need to implement the limitip for.


    MaxConnPerIP 3
    # exempting images from the connection limit is often a good
    # idea if your web page has lots of inline images, since these
    # pages often generate a flurry of concurrent image requests
    NoIPLimit image/*


    MaxConnPerIP 1
    # In this case, all MIME types other than audio/mpeg and video*
    # are exempt from the limit check
    OnlyIPLimit audio/mpeg video

  • Save the config file and test the new configuration “/etc/init.d/httpd configtest”. If you get “Syntax OK”, then all you need to do is restart the server and you are good to go.
This is a brief guide on how I got mod_limitipconn working on my server.

No comments:

Post a Comment