[olug] Limiting connections to Apache server based on IP address?
Jay Hannah
jhannah at mutationgrid.com
Fri Sep 24 22:28:22 UTC 2010
On Sep 24, 2010, at 4:58 PM, Dan Linder wrote:
> I'm looking for a way to limit the number of active users/connections
> connecting into an Apache server.
Usually taking an educated guess at these settings:
http://httpd.apache.org/docs/current/mod/prefork.html
MaxClients
MaxSpareServers
MinSpareServers
And then using ab to simulate floods while watching your memory consumption is sufficient. Tune as high as possible without swapping.
http://httpd.apache.org/docs/2.0/programs/ab.html
> From Googling, I see that there are some Apache modules that limit based on
> the directory on the Apache server, but I'd like to limit it based on IP
> address/subnet.
Why? What behavior are you trying to block?
I've never heard of anyone doing that. My Googling leads to
http://lartc.org/
http://www.tek-tips.com/viewthread.cfm?qid=1265508&page=2
http://ask.slashdot.org/article.pl?sid=04/01/31/204204
http://www.topology.org/src/bwshare/README.html
But I'd be surprised if you actually want to try to play that game.
> Any suggestions? (Aside from "buy a bigger/faster server" -- already went
> that route and we were shot down.)
You'll always have finite capacity. All you can do is tune for what you have / budget, monitor, react.
HTH,
Jay Hannah
Software Architect
jhannah at mutationgrid.com | http://mutationgrid.com | 1-402-598-7782
More information about the OLUG
mailing list