Limiting Apache Connections By IP - mod_throttle, mod_limitipconn, what?

OK, so I have a server that's serving large file downloads. People
using download accelerators, especially from slow network locations,
are maxing out my Apache procs and DoSsing the site.

Example: someone with an accelerator set to "download in 50 KB chunks"
in China - when pointed at a 650 MB file, they fill it right up. I
figure what I need to do is limit the number of simultaneous
connections from a given IP - our FTP daemon which serves the same
content does this and it eliminates the problem.

So I looked around and couldn't find a great solution. mod_throttle
was spoken well of but it's taken down and there's some snarky message
by the author on his Web site about "it's down and don't ask me why."
I found mod_limitipconn but it doesn't look like it's been touched
since 2002.

So question - what's a good, well-supported way to do this (in Apache
1.3 or 2.x on Red Hat)?

Thanks,
Ernest Mueller

ernestm@mindspring.com wrote:
> OK, so I have a server that's serving large file downloads. People
> using download accelerators, especially from slow network locations,
> are maxing out my Apache procs and DoSsing the site.
>
> Example: someone with an accelerator set to "download in 50 KB chunks"
> in China - when pointed at a 650 MB file, they fill it right up. I
> figure what I need to do is limit the number of simultaneous
> connections from a given IP - our FTP daemon which serves the same
> content does this and it eliminates the problem.
>
> So I looked around and couldn't find a great solution. mod_throttle
> was spoken well of but it's taken down and there's some snarky message
> by the author on his Web site about "it's down and don't ask me why."
> I found mod_limitipconn but it doesn't look like it's been touched
> since 2002.
>
> So question - what's a good, well-supported way to do this (in Apache
> 1.3 or 2.x on Red Hat)?
>
> Thanks,
> Ernest Mueller
>

My understanding is that mod_throttle doesn't work on Apache 2.xx

You might try this for a alternative to mod_throttle http://cband.linux.pl/


--
MicroSoft's NEW Motto: "Good enough." When you're on top, that's the
only standard that matters.

Thought I'd just send my 0.5€ worth of info: mod_cband, as stated in
the previous comment, is exactly what you need.

Of course, if you have some sort of Linux firewall/balancer or your
web server is running in Linux, you can get away with iptables and the
limit module (max connections per second, for instance), which is way
faster then letting the connections go all the way up, just to be
blocked anyway.

Regards,
Ricardo Oliveira
http://apache.superbofh.org/ - Apache book in Portuguese

Ricardo Manuel Oliveira wrote:
> Thought I'd just send my 0.5€ worth of info: mod_cband, as statedin
> the previous comment, is exactly what you need.
>
> Of course, if you have some sort of Linux firewall/balancer or your
> web server is running in Linux, you can get away with iptables and the
> limit module (max connections per second, for instance), which is way
> faster then letting the connections go all the way up, just to be
> blocked anyway.
>
> Regards,
> Ricardo Oliveira
> http://apache.superbofh.org/ - Apache book in Portuguese

....which is going to mess up anybody behind a proxy (i.e. all of AOL,
NTL and others).

If this is a serious problem, then a better solution might be to write
your own wrapper in PHP or Perl with a session mutex.

C.