I am running Apache web server on Ubuntu. I am trying to reduce the load on the server due to aggressive bot traffic. Thus I am trying to make use of Apache's mod QOS (http://mod-qos.sourceforge.net/index.html) to create a rate limiter for aggressive users.
I've configured it with this:
<IfModule mod_qos.c>
SetEnvIf Request_URI ^/ LimitHits
QS_ClientEventLimitCount 100 100 LimitHits
QS_ErrorResponseCode 429
</IfModule>
This blocks a user if they exceed 100 requests in 100 seconds.
The problem, though, is that this configuration, for some unknown reason, blocks all users when any user crosses the threshold.
It is odd, because this specific variable is shown in the docs to be tied to a requestor's IP, which is exactly what I am trying to do.
QS_ClientEventLimitCount: Defines the maximum number of requests having the defined environment variables (QS_Limit by default) set allowed within the defined time (default is 600 seconds). Requests from client IP's reaching this limitation are denied for the specified time (blocked at request level).
The access logs do show the client IP of each request so I know that these IPs are coming through to Apache.
How can I get the variable QS_ClientEventLimitCount to behave as expected and only count requests and block on a per-IP basis?
