1

Is there something that I can use to set rules for Apache to throttle temporarily or ignore any IP address that makes X number of requests per second?

It would be great if there is an Apache module for this. I had a look at mod_bandwidth and mod_limitipconn, but it seems they base things on bandwidth, and it is very hard for me to determine bandwidth in terms of number of requests per IP.

I would be happy to use something external to Apache that will work on a standard Linux server (Fedora or CentOS).

Abs

1 Answer

2

iptables has rate- and connection-limiting modules available:

iptables -I INPUT -m limit --limit X/second -p tcp --dport 80 --syn -j ACCEPT

Note that this won't actually limit the number of HTTP requests; it'll limit the number of TCP connections, which might not correspond to the number of HTTP requests if the browser is using keepalive. Also note that most browsers will make a large number of parallel connections; you might want to use the --limit-burst option to make sure users don't get blocked by this behaviour.

womble
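To see how `--limit` and `--limit-burst` interact with parallel browser connections, here is an added example (not part of the answer above) that models the `limit` match as a token bucket and runs it over constructed SYN arrival times. It assumes a simplified model of the documented behaviour and a sample rate of 2/second in place of X; SYNs that do not match the rule fall through to the next rule or the chain policy.

```python
# Added illustration: simplified token-bucket model of iptables "-m limit".
# Assumptions: the bucket starts full at --limit-burst, refills at --limit,
# and each matching packet costs one token. The bucket belongs to the rule,
# so every client hitting that rule shares it.

CREDITS_PER_TOKEN = 1000  # integer credits avoid floating-point drift


def limit_match(arrivals_ms, rate_per_sec, burst=5):
    """Return one boolean per SYN: True where the packet matches the rule."""
    cap = burst * CREDITS_PER_TOKEN
    credits = cap
    last = None
    results = []
    for t in arrivals_ms:
        if last is not None:
            # rate_per_sec tokens/second == rate_per_sec credits/millisecond
            credits = min(cap, credits + (t - last) * rate_per_sec)
        last = t
        if credits >= CREDITS_PER_TOKEN:
            credits -= CREDITS_PER_TOKEN
            results.append(True)
        else:
            results.append(False)
    return results


def count_matched(arrivals_ms, rate_per_sec, burst=5):
    """Number of SYNs that match the limit rule."""
    return sum(limit_match(arrivals_ms, rate_per_sec, burst))


# Constructed sample: one browser opens 8 parallel connections at t=0,
# then one more connection at t=1s and another at t=2s.
PAGE_LOAD = [0] * 8 + [1000, 2000]

# Constructed sample: 20 new connections per second for 3 seconds.
FLOOD = [i * 50 for i in range(60)]

if __name__ == "__main__":
    for name, arrivals in (("page load", PAGE_LOAD), ("flood", FLOOD)):
        for burst in (5, 10):
            n = count_matched(arrivals, rate_per_sec=2, burst=burst)
            print(f"{name:9s} burst={burst:2d}: {n}/{len(arrivals)} SYNs match")
```

With the default burst of 5, three of the eight parallel connections in the page-load sample fail to match; raising the burst to 10 lets the whole page load through while the sustained flood is still held to the configured rate once the bucket drains.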