Recommended two Apache modules, one is mod_vhost_limit, to limit the number of concurrent requests, one is mod_limitipconn, to control the number of concurrent connections Apache, through the module can limit the number of concurrent connections of the same source IP. Another module is bw_mod, for Apache website Bandwidth control, can be based on the source IP, network segment to divide the bandwidth, can also be based on the Web site file type to limit bandwidth, parameters more flexible, can be adjusted according to their actual situation.
Limit number of concurrency
To the official website: http://ivn.cl/category/apache/(can not understand, directly find Mod_vhost_limit)
Installation:
Apxs-c Mod_vhost_limit.c-o/path/to/libexec/mod_vhost_limit.so
Join in httpd.conf:
Configuration:
Where: Server1 is limited to 100 concurrent threads. Server2 is limited to 30 concurrent threads. Server3 is not limited.
Note: Need Mod_status extendedstatus on support!!
A 503 error occurs on the client if the number of concurrent concurrency exceeds the limit
----------------------------------------------------------------------------------------------
Limit number of IP connections
Download the module here http://dominia.org/djao/limit/mod_limitipconn-0.04.tar.gz
Installation:
Tar zxvf mod_limitipconn-0.04.tar.gz
CD mod_limitipconn-0.04
Make Apxs=/usr/local/apache/bin/apxs?-----here to set your own path
Make install Apxs=/usr/local/apache/bin/apxs?-----here to set your own path
Edit httpd.conf
Add to
Global variables:
Or a virtual host:
----------------------------------------------------------------------------------------------
Limit bandwidth:
Download Module ftp://ftp.cohprog.com/pub/apache/module/1.3.0/mod_bandwidth.c
Installation:
/usr/local/apache/bin/apxs-c./mod_bandwidth.c-o/usr/local/apache/libexec/mod_bandwidth.so
<-------above/usr/local/apache please set as your path
Edit httpd.conf
Add to:
Restart your Apache.
from:http://www.phpv.net/article.php/300
----------------------------------------------------------------------------------------------
First, for Mod_limitipconn, in fact, the module not only provides the control of the number of concurrent connections to the client, from a security point of view can also play against the fixed source IP address of the DOS attack, including the source fixed a large number of Access request-type attacks (a large number of Get or POST request-type attacks), When the number of joins of the same source IP address exceeds a qualified value, it bounces back to the other's access request, giving the other party a "503 Service temporarily invalid" response. When the Apache server is subjected to a large number of Access request-type attacks, due to the large number of Apache processes and the consumption of PHP and MySQL, will lead to the rapid depletion of server resources, Web site opened slowly or paralyzed. If this type of attack, using the Mod_limitipconn module can effectively improve the server's anti-attack ability, because a large number of requests bounced back, saving the server to run PHP and MySQL performance consumption. Of course, as long as the request into the 80 port, whether it is to accept or bounce back the request, Aapche has a running cost, so this method can only be mitigated and can not be solved, after all, the application layer processing efficiency is relatively low.
Second, for the site traffic is large, using the Mod_limitipconn module and limit the same client concurrent join number less than 3, if using the Apache default configuration parameters, it is very likely that the "service temporarily invalid" prompt. Since Apache defaults to "KeepAlive on" and "KeepAliveTimeout 180", once a join is established, the join will not be released within 3 minutes. So if the site different page click frequency is relatively high or picture resources more, will often appear the service temporarily invalid prompt. Then there are two ways to solve, one is to increase the number of concurrent connections, such as set to a normal site 10 concurrent connections, the picture site is 20. Another way is if you do not want to increase this value, you can set keepalive to off, and then shorten the timeout time so that the join will be released quickly. Depending on the situation, adjust the test to get a value that best fits your site's situation.
Third, if you want to limit the number of concurrent connections and bandwidth, then use Bw_mod+mod_limitipconn, because although bw_mod can also control the number of concurrent joins, but he is a directory or the entire site of the number of concurrent joins, is used to control the server side of the total number of joins, For example, if you set maxconnection all 1000, the maximum number of concurrent joins that this site can accept is 1000, not the number of concurrent joins per client, and Mod_limitipconn is the number of concurrent joins for clients of the same source IP. So there is a difference in the number of connections between the two.
Iv. personal feeling with the Bw_mod and Mod_limitipconn module, the website access speed has decreased, can intuitively feel out, and the load of the CPU has risen. Especially in the case of a large number of site visits, these two modules will consume a certain host performance, so weigh the weight of this has to be the case for everyone to adopt. In addition, there is a parameter in the Bw_mod to set the control accuracy and frequency, the default is 1000 milliseconds, if you want to increase the bandwidth control accuracy of the value of small, but will consume more CPU resources, and vice versa, reduce accuracy can improve performance.
Apache limits concurrency, IP, bandwidth settings
