Tuesday, June 7, 2011

Limit simultaneous connections per IP (Apache 2)

I previously described a way to block download accelerators by disallowing all partial file requests. However, this has the side effect of disabling all pause/resume capabilities and perhaps could have other side-effects. I therefore decided to add mod_limitipconn to my Apache server. This module will allow you to enforce per-IP connection limits to individual files, directories, MIME types, and servers. Yes, it is quite granular. I've found this to be a superior solution. Not only does it help with download accelerators, but it is a generally good security policy. I'll leave it to the reader to Google for full description and configuration instructions.

UPDATE: mod_limitipconn has been replaced (on my server) by mod_qos. The latter is not only better supported in management tools like cPanel, but also can do everything mod_limitipconn could do, plus about a thousand other things.

Example mod_qos setup to limit per-IP connection count:

QS_SrvMaxConnPerIP 30

Of course, there is much more you can do. If the connection count gets too high, you can limit bandwidth, for instance. It's simply a great Apache extension.

No comments:

Post a Comment