httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject [users@httpd] Re: Apache 2.x and limiting request volume
Date Mon, 26 Aug 2002 19:08:43 GMT
Robert La Ferla wrote:
> Apache Gurus,
> What is the best way to limit abusive requests to an Apache 2.x server? 
> For example, some jerk decides to run a script that accesses a CGI on 
> your site 100 times every 5 seconds.  How can you configure Apache to 
> limit or deny these abusive requests?  Are the RLimitCPU and related 
> directives helpful here?  What about mod_throttle or the like?  If so, 
> is there a 2.x version?

No, RLimitCPU will not help at all for this.

The best way to handle this is with operating system and firewalling 
features.  Keep it out of the hair of the web server entirely.

Yes, mod_throttle is what many people use in 1.3.  I do not believe it 
has a 2.0 equivalent yet.  Certainly there is some demand for that sort 
of thing.

Finally, I know some people do dynamic parsing of the log files and 
update httpd.conf (or, even better, their firewall rules) to block 
abusive IPs.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message