httpd-users mailing list archives

From: Justin Pasher <just...@newmediagateway.com>
Subject: Re: [users@httpd] allow only 20 concurrent connections per IP?
Date: Wed, 01 Apr 2009 20:27:59 GMT

Evan Platt wrote:
> At 12:59 PM 4/1/2009, you wrote:
>> What is the best way to limit concurrent connections per IP to, say, 20?
>>
>> I'm having some problems with "connection storms" caused by bots 
>> harvesting websites.
>
> mod_limitipconn.c  ?
>
> http://dominia.org/djao/limitipconn2.html

I can vouch for mod_limitipconn. I use it myself to block "broken" 
browsers that try to open too many simultaneous connections and fill up 
the Apache connection slots. As a global option, I have the block limit 
set very high (70 connections). However, you can always be more 
aggressive if you see fit. A value of 20 or 30 (as you stated in another 
email) is pretty reasonable. The gotcha is that it could potentially 
block legitimate requests from different people if they are all behind 
the same NAT address (such as an office connection). That's one reason 
why I'm not too aggressive in my settings.

Going the iptables route would work too, but I think it would be much 
easier to just manage it strictly on the Apache side.

-- 
Justin Pasher

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
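
An added example (not from the thread and not part of mod_limitipconn) for choosing a limit: it counts established connections per client IP from `ss -tn` output and shows which clients a limit of 20, 30 or 70 would cut off. The sample input, the addresses and the function names are constructed for illustration, and established sockets only approximate what the module itself counts.

```python
from collections import Counter

def split_host_port(endpoint):
    """Split 'addr:port' as printed by ss; IPv6 addresses appear as [addr]:port."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def connections_per_ip(ss_output, server_ports=("80", "443")):
    """Count ESTABLISHED connections to the web server ports, keyed by peer IP."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Expected columns: State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        _, local_port = split_host_port(fields[3])
        peer_ip, _ = split_host_port(fields[4])
        if local_port in server_ports:
            counts[peer_ip] += 1
    return counts

def over_limit(counts, limit):
    """Peers holding more than `limit` connections, busiest first."""
    return [(ip, n) for ip, n in counts.most_common() if n > limit]

def build_sample():
    """Constructed sample input using documentation address ranges."""
    rows = ["State  Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    # Constructed: one client opening many connections (harvesting bot).
    rows += [f"ESTAB 0 0 192.0.2.10:80 198.51.100.7:{50000 + i}" for i in range(45)]
    # Constructed: several people sharing one office NAT address.
    rows += [f"ESTAB 0 0 192.0.2.10:80 203.0.113.5:{40000 + i}" for i in range(24)]
    rows += [f"ESTAB 0 0 [2001:db8::10]:443 [2001:db8::99]:{30000 + i}" for i in range(3)]
    rows.append("TIME-WAIT 0 0 192.0.2.10:80 198.51.100.7:49999")  # not an open connection
    rows.append("ESTAB 0 0 192.0.2.10:22 203.0.113.5:39999")       # SSH, not the web server
    return "\n".join(rows)

if __name__ == "__main__":
    counts = connections_per_ip(build_sample())
    for limit in (20, 30, 70):
        print(f"limit {limit}: would block {over_limit(counts, limit)}")
```

In the constructed sample a limit of 20 also cuts off the shared office address, a limit of 30 blocks only the heavy client, and a limit of 70 blocks nothing.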