On 9/27/07, Oliver <oliver341@xxxxxxxxx> wrote:
> On 27 September 2007 at 14:06, Christian Folini wrote:
> > On Thu, Sep 27, 2007 at 01:57:35PM +0100, Oliver wrote:
> > > So my question in simple terms is this: is there a way of limiting
> > > simultaneous connections per IP without having to launch additional
> > > processes to handle the rejections?
> >
> > You may want to have a look into mod_qos:
> > http://sourceforge.net/projects/mod-qos/
> > It gives you just that.
>
> Thanks for the pointer towards mod-qos. It did seem to be very suitable,
> but I've done some testing with ab and it seems to trigger the MaxClients
> setting just as mod_limitipconn and mod_cband do, even when I set
> QS_SrvMaxConnPerIP to 6. I have checked my settings are configured
> correctly using mod_info. The module was rejecting connections over 6,
> but not before a new process was launched to handle the http rejection.
>

Apache is a single-thread/process-per-connection server. In order for
any apache module to handle a connection, it must be accepted by a
thread/process and will thus count towards MaxClients until it gets
dropped/responded to. There is no way to avoid that, short of major
architectural changes (which are slowly appearing via the event mpm).

If you need to make sure that requests don't make it through to apache
at all (and therefore don't count towards MaxClients), you really need
to use your OS firewall. This is by far the most efficient way to
handle the problem as well. So you may want to go back to looking at
ways to fix iptables.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
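
As an added illustration of the firewall approach recommended in the reply above (not part of the original thread): a shell function that emits an iptables-restore fragment using the netfilter connlimit match, so the per-IP cap is enforced before any httpd process accepts the connection. Port 80, the limit of 6 (the QS_SrvMaxConnPerIP value tested above), the INPUT chain and the function name connlimit_rules are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: port 80, limit 6, IPv4,
# INPUT chain. connlimit_rules is a hypothetical helper name.

# Emit an iptables-restore fragment that caps concurrent TCP connections
# per source address.
# $1 = destination port, $2 = max simultaneous connections per source IP
connlimit_rules() {
    port=$1
    limit=$2
    # Refuse non-numeric or out-of-range input rather than emit a broken ruleset.
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    case "$limit" in ''|*[!0-9]*) echo "bad limit: $limit" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    [ "$limit" -ge 1 ] || { echo "bad limit: $limit" >&2; return 1; }

    cat <<EOF
*filter
# Only new connections (SYN) are matched; established traffic is untouched.
# connlimit matches once a source address exceeds $limit tracked connections;
# the matching SYN gets a TCP RST from the kernel, so it never reaches an
# httpd process and never counts toward MaxClients.
-A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above $limit --connlimit-mask 32 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Print the fragment when called with two arguments, e.g.  sh script.sh 80 6
# To load it (as root):
#   sh script.sh 80 6 | iptables-restore --noflush --test   # parse only
#   sh script.sh 80 6 | iptables-restore --noflush          # add to live rules
if [ "$#" -eq 2 ]; then
    connlimit_rules "$1" "$2"
fi
```

Clients behind a shared NAT or proxy appear as one source address, so the limit applies to all of them together.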