Re: Limiting connections per IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/27/07, Oliver <oliver341@xxxxxxxxx> wrote:
> On 27 September 2007 at 14:06, Christian Folini wrote:
> > On Thu, Sep 27, 2007 at 01:57:35PM +0100, Oliver wrote:
> > > So my question in simple terms is this: is there a way of limiting
> > > simultaneous connections per IP without having to launch additional
> > > processes to handle the rejections?
> >
> > You may want to have a look into mod_qos:
> > http://sourceforge.net/projects/mod-qos/
> > It gives you just that.
>
> Thanks for the pointer towards mod-qos. It did seem to be very suitable, but I've done some testing with ab and it seems to trigger the MaxClients setting just as mod_limitipconn and mod_cband do, even when I set QS_SrvMaxConnPerIP to 6. I have checked my settings are configured correctly using mod_info. The module was rejecting connections over 6, but not before a new process was launched to handle the http rejection.
>

Apache is a single-thread/process-per-connection server. In order for
any apache module to handle a connection, it must be accepted by a
thread/process and will thus count towards MaxClients until it gets
dropped/responded to. There is no way to avoid that, short of major
architectural changes (which are slowly appearing via the event mpm).

If you need to make sure that requests don't make it through to apache
at all (and therefore don't count towards MaxClients), you really need
to use your OS firewall. This is by far the most efficient way to
handle the problem as well. So you may want to go back to looking at
ways to fix iptables.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux