Home / server / Questions / 540743
Accepted
rustyx
Asked: 2013-09-22 14:00:49 +0800 CST

How to rate-limit Apache server on IP basis?

  • 772

I currently have a custom implementation in PHP/mysql that keeps track of web hits and blocks those that exceed a certain rate for the same IP. I.e. if a given source IP hits the server more than X times in the last Y seconds then it will be served a redirect to a predefined location Z and the normal request processing will be aborted.

It works OK, but puts significant stress on MySQL.

So I was wondering if there is a special tool for this available? Maybe an Apache module or some kind of filter?

apache-2.2

2 Answers

  1. Best Answer

    The best

    • mod_evasive (Focused more on reducing DoS exposure)
    • mod_cband (Best featured for 'normal' bandwidth control)

    and the rest

    One more option - mod_qos

    Not simple to configure - but powerful.

    http://opensource.adnovum.ch/mod_qos/

    • 7

  2. you may be able to do this at a lower level with iptables and bypass apache/mysql all together.... match and forward to another host / port? i have only dropped:

    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 -j DROP
    • 5