File: README

package info (click to toggle)
libapache-mod-limitipconn 0.04-1
  • links: PTS
  • area: main
  • in suites: woody
  • size: 72 kB
  • ctags: 34
  • sloc: ansic: 171; makefile: 12
file content (74 lines) | stat: -rw-r--r-- 2,704 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
mod_limitipconn.c
David Jao <djao@dominia.org>
Proxy tracking by Jonathan J. Miner <miner@doit.wisc.edu>

Apache C module to limit the maximum number of simultaneous connections
per IP address. Allows inclusion and exclusion of files based on MIME
type.

Example configuration:

---------------------------------------------------------------------------

ExtendedStatus On

# Only needed if the module is compiled as a DSO
LoadModule limitipconn_module lib/apache/mod_limitipconn.so
AddModule mod_limitipconn.c

<IfModule mod_limitipconn.c>
    <Location /somewhere>
	MaxConnPerIP 3
	# exempting images from the connection limit is often a good
	# idea if your web page has lots of inline images, since these
	# pages often generate a flurry of concurrent image requests
	NoIPLimit image/*
    </Location>

    <Location /mp3>
	MaxConnPerIP 1
	# In this case, all MIME types other than audio/mpeg and video*
	# are exempt from the limit check
	OnlyIPLimit audio/mpeg video
    </Location>
</IfModule>

---------------------------------------------------------------------------

Notes:

  This module will not function unless mod_status is loaded and the
  "ExtendedStatus On" directive is set.

  The limits defined by mod_limitipconn.c apply to all IP addresses
  connecting to your Apache server. Currently there is no way to set
  different limits for different IP addresses.

  Connections in excess of the limit result in a stock 503 Service
  Temporarily Unavailable response. The job of returning a more useful
  error message to the client is left as an exercise for the reader.

  mod_limitipconn sets the LIMITIP environment variable to 1 whenever a
  download is denied on the basis of too high an IP count. You can use
  this variable to distinguish accesses that have been denied by this
  module. For example, a line like

      CustomLog /var/log/httpd/access_log common env=!LIMITIP

  in httpd.conf can be used to suppress logging of denied connections
  from /var/log/httpd/access_log. (Note that, if you want to do this,
  you'll probably also want to comment out the ap_log lines from
  mod_limitipconn.c to suppress error_log lines as well.)

Proxy client tracking

  By default, all clients behind a proxy are treated as coming from the
  proxy server's IP address. If you patch Apache with the included patch
  and configure with --with-forward and rebuild, the real IP addresses
  of clients behind proxies are correctly detected.  You will need to
  either compile statically or compile with -DRECORD_FORWARD.

  If you don't patch the server, DO NOT compile with RECORD_FORWARD
  defined. The module will still function, but it will not recognize
  clients behind proxies.