httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Limiting connections per IP
Date Thu, 27 Sep 2007 16:49:48 GMT
On 9/27/07, Oliver <oliver341@gmail.com> wrote:
> On 27 September 2007 at 14:06, Christian Folini wrote:
> > On Thu, Sep 27, 2007 at 01:57:35PM +0100, Oliver wrote:
> > > So my question in simple terms is this: is there a way of limiting
> > > simultaneous connections per IP without having to launch additional
> > > processes to handle the rejections?
> >
> > You may want to have a look into mod_qos:
> > http://sourceforge.net/projects/mod-qos/
> > It gives you just that.
>
> Thanks for the pointer towards mod-qos. It did seem to be very suitable, but I've done
some testing with ab and it seems to trigger the MaxClients setting just as mod_limitipconn
and mod_cband do, even when I set QS_SrvMaxConnPerIP to 6. I have checked my settings are
configured correctly using mod_info. The module was rejecting connections over 6, but not
before a new process was launched to handle the http rejection.
>

Apache is a single-thread/process-per-connection server. In order for
any apache module to handle a connection, it must be accepted by a
thread/process and will thus count towards MaxClients until it gets
dropped/responded to. There is no way to avoid that, short of major
architectural changes (which are slowly appearing via the event mpm).

If you need to make sure that requests don't make it through to apache
at all (and therefore don't count towards MaxClients), you really need
to use your OS firewall. This is by far the most efficient way to
handle the problem as well. So you may want to go back to looking at
ways to fix iptables.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message