httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Georgi Chorbadzhiyski ...@unixsol.org>
Subject Re: [users@httpd] apache 2.0 time/request client limit
Date Wed, 11 Oct 2006 16:19:45 GMT
Nagy Zoltán Márk wrote:
>> Nagy Zoltán Márk wrote:
>> > Is there any opportunity for apache 2.0 where i can restrict clients
>> > through time/request?
>> > For example: accept maximum 20 requests from an apache client in a second.
>>
>> I don't think this is possible with stock Apache 2 (and it probably is the
>> wrong place for such restrictions) but if you're using Linux 2.6 look
>> at iptables's hashlimit module.
>>
>> Example:
>>
>>   $IPTABLES -A INPUT -p tcp --syn -d IP --dport 80 -j HASHLIMIT
>>
>>   $IPTABLES -A HASHLIMIT \
>>     --match hashlimit --hashlimit-name demo_site --hashlimit-mode srcip,dstip \
>>     --hashlimit 1/minute --hashlimit-burst 1 --hashlimit-htable-expire 20000 --hashlimit-htable-gcinterval
1000 -j ACCEPT
>>
>> This allows 1 request per 20 seconds from IP.
>
> Yes, but this restricts via IP and it can be occured, that more
> clients use the same IP as a gateway.

Sure, but isn't this what you actually want - "accept maximum 20 requests
from an apache client in a second". How to you define apache client?

-- 
Georgi Chorbadzhiyski
http://georgi.unixsol.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message