Abstract: Two Apache modules are recommended for you, one is mod_vhost_limit, which is used to limit the number of concurrent requests, and the other is mod_limitipconn, which is used to control the number of concurrent connections of Apache. This module can limit the number of concurrent connections of the same source IP. Another module is bw_mod, which is used for Apache website bandwidth control. It can divide the bandwidth according to the source IP and network segment, and can also limit the bandwidth according to the website file type. The parameters are more flexible and can be adjusted according to your actual situation.
We recommend two Apache modules, one is mod_vhost_limit, which is used to limit the number of concurrent requests, and the other is mod_limitipconn, which is used to control the number of concurrent connections of Apache. This module can limit the number of concurrent connections of the same source IP. Another module is bw_mod, which is used for Apache website bandwidth control. It can divide the bandwidth according to the source IP and network segment, and can also limit the bandwidth according to the website file type. The parameters are more flexible and can be adjusted according to your actual situation.
Limit the number of concurrent
Go to the official website: http://ivn.cl/category/apache/ (if you don't understand, look for mod_vhost_limit directly)
Install:
apxs -c mod_vhost_limit.c -o /path/to/libexec/mod_vhost_limit.so
in httpd.conf add:
LoadModule vhost_limit_module libexec/mod_vhost_limit.so
AddModule mod_vhost_limit.c
Configuration:
MaxClients 150
ExtendedStatus On
NameVirtualHost *
<VIRTUALHOST * />
ServerName server1
DocumentRoot /some/where/1
MaxVhostClients 100
<VIRTUALHOST * />
ServerName server2
DocumentRoot /some/where/2
MaxVhostClients 30
<VIRTUALHOST * />
ServerName server3
DocumentRoot /some/where/3
Where: server1 is limited to 100 concurrent threads. server2 is limited to 30 concurrent threads. server3 is not restricted.
Note: ExtendedStatus On support of mod_status is required! !
If the concurrent number exceeds the limit, a 503 error will appear on the client side
--------------------- -------------------------------------------------- --------
Limit the number of IP connections
to download the module here http://dominia.org/djao/limit/mod_limitipconn-0.04.tar.gz
Install:
tar zxvf mod_limitipconn-0.04.tar.gz
cd mod_limitipconn-0.04
make APXS=/usr/local/apache/bin/apxs ß----- here to set according to your own path
make install APXS=/usr/local/apache/bin/apxs ß----- here to press
Edit httpd.conf
to add
global variables to your own path settings :
< IfModule mod_limitipconn.c >
< Location / > # 所有虚拟主机的/目录
MaxConnPerIP 3 # 每IP只允许3个并发连接
NoIPLimit image/* # 对图片不做IP限制
< /Location >
< Location /mp3 > # 所有主机的/mp3目录
MaxConnPerIP 1 # 每IP只允许一个连接请求
OnlyIPLimit audio/mpeg video # 该限制只对视频和音频格式的文件
< /Location >
< /IfModule >
or for virtual hosts:
< VirtualHostxx.xxx.xx.xx > ##ip 地址
ServerAdmin [email protected]
DocumentRoot /home/easy
ServerName www.phpv.net
< IfModulemod_limitipconn.c >
< Location / >
MaxConnPerIP 5
NoIPLimit image/*
< /Location >
< Location /mp3 > # 所有主机的/mp3目录
MaxConnPerIP 2 # 每IP只允许一个连接请求
OnlyIPLimit audio/mpeg video # 该限制只对视频和音频格式的文件
< /Location >
< /IfModule >
< /VirtualHost >
-------------------------------------------------- --------------------------------------------
limit bandwidth:
download module ftp ://ftp.cohprog.com/pub/apache/module/1.3.0/mod_bandwidth.c
install:
/usr/local/apache/bin/apxs -c ./mod_bandwidth.c -o /usr/local/apache/ libexec/mod_bandwidth.so
<------- above /usr/local/apache please set to your path
Edit httpd.conf
add:
LoadModule bandwidth_module libexec/mod_bandwidth.so
AddModule mod_bandwidth.c
Restart your apache
from: http://www.phpv.net/article.php/300
----------------------------- -------------------------------------------------- ---------------
First, for mod_limitipconn, in fact, this module not only provides the ability to control the number of concurrent connections on the client side, but also from a security point of view, it can also play a role in countering the attack initiated by the fixed source IP address. DOS attacks, including a large number of access request attacks with a fixed source (a large number of GET or POST request attacks), when the number of connections from the same source IP address exceeds the limit, the other party's access request will be bounced back, giving the other party a "503" The service is temporarily unavailable" response. When the Apache server is attacked by a large number of access requests, due to a large number of Apache processes and running consumption of PHP and MYSQL, the server resources will be rapidly exhausted, and the website will be opened slowly or paralyzed. If it is this type of attack, using the mod_limitipconn module can effectively improve the anti-attack capability of the server, because a large number of requests are bounced back, saving the performance consumption of the server running PHP and MYSQL. Of course, as long as the request enters port 80, whether it is accepting or bouncing the request, Aapche has operating costs, so this method can only be reduced but not solved. After all, the processing efficiency of the application layer is relatively low.
2. When the website has a large number of visits, the mod_limitipconn module is used, and the number of concurrent connections on the same client is limited to less than 3, if the default configuration parameters of Apache are used, the prompt "The service is temporarily invalid" is very likely to appear frequently. Because Apache defaults to "KeepAlive on" and "KeepAliveTimeout 180", once a connection is established, the connection will not be released within 3 minutes. Therefore, if the frequency of clicks on different pages of the website is high or there are many image resources, there will often be a prompt that the service is temporarily invalid. Then there are two ways to solve it. One is to increase the number of concurrent connections. For example, set the number of concurrent connections to 10 for ordinary sites and 20 for image sites. Another way is if you don't want to increase this value, you can set KeepAlive to off, and then shorten the Timeout time, so that the connection will be released soon. Adjust the test as needed to get a value that best suits your site conditions.
3. If you want to limit the number of concurrent connections and bandwidth at the same time, use bw_mod+mod_limitipconn, because although bw_mod can also control the number of concurrent connections, it is for the number of concurrent connections for a directory or the entire website, which is used to control the server side The total number of connections, such as setting MaxConnection all 1000, then the maximum number of concurrent connections that this website can accept is 1000, instead of limiting the number of concurrent connections for each client, and mod_limitipconn is for the same source IP. The number of concurrent connections for clients , so the limit of the number of connections between the two is different.
4. Personally feel that after using the bw_mod and mod_limitipconn modules, the website access speed has decreased, which can be intuitively felt, and the CPU load has increased. Especially in the case of a large number of website visits, these two modules will consume a certain amount of host performance, so everyone should use them according to the situation. In addition, there is a parameter in bw_mod to set the control precision and frequency. The default is 1000 milliseconds. If you want to improve the bandwidth control precision, change this value to a smaller value, but it will consume more CPU resources, and vice versa. Improve performance.
https://my.oschina.net/xinger/blog/365446