KP Solutions

Solutions for Day to Day Technical Problems

How to limit connections per User IP in Apache 2.2 CentOs

July 8, 2010 by Ketan Patel | 4 Comments

If you are a system admin or a webmaster, you will face this question at some point of time. How do I limit connections per user ip in Apache 2.2? Generally, you get good users visiting your site who use the site normally requesting one or two page at a time. But then there are a few malicious user who would want cause grief to you and your server by overloading the server with requests. To handle such malicious user, you need the mod_limitipconn module. This module keeps check on the number of connections a single ip can make simultaneously. There are configurable options that help you tune this module. So, now to the point.. How do I install this on my server?

I am outlining the steps for my server, ie. CentOs 5.2 with Apache 2.2

  • wget http://dl.atrpms.net/all/mod_limitipconn-0.23-4.el5.x86_64.rpm
  • rpm -i mod_limitipconn-0.23-4.el5.x86_64.rpm
  • vi /etc/http/modules/ipconn.conf

    Add following to the content of ipconn.conf
    # LimitIPConn module limits the number of connection to apache
    # per IP address. This helps in limiting the simultaneous downloads and will help
    # prevent slow users from blocking your servers.
    #
    <IfModule prefork.c>
    LoadModule limitipconn_module modules/mod_limitipconn.so
    </IfModule>

  • Make sure ‘ExtendedStatus‘ is ON in /etc/httpd/conf/httpd.conf
  • You will have to configure the module for each of your virtual host that you need to implement the limitip for.

    <IfModule mod_limitipconn.c>
    <Location /forums>
    MaxConnPerIP 3
    # exempting images from the connection limit is often a good
    # idea if your web page has lots of inline images, since these
    # pages often generate a flurry of concurrent image requests
    NoIPLimit image/*
    </Location>
    <Location /video>
    MaxConnPerIP 1
    # In this case, all MIME types other than audio/mpeg and video*
    # are exempt from the limit check
    OnlyIPLimit audio/mpeg video
    </Location>
    </IfModule>

  • Save the config file and test the new configuration “/etc/init.d/httpd configtest”. If you get “Syntax OK”, then all you need to do is restart the server and you are good to go.

This is a brief guide on how I got mod_limitipconn working on my server. If you have any questions, please feel free to post in comment and I will try to answer your questions.

  • Apache2

    I have apache 2 and did all steps and not working i am able to open multiple sessions:

        ServerAdmin xxx@xxxx.net
        DocumentRoot /var/www/html/agento
        ServerName agento-test
        ServerAlias agento-qatest
        ErrorLog logs/agento-qatest-error_log
        CustomLog logs/agento-qatest-access_log common

    MaxConnPerIP 2
    # exempting images from the connection limit is often a good
    # idea if your web page has lots of inline images, since these
    # pages often generate a flurry of concurrent image requests
    #NoIPLimit image/*

  • http://idrapidleech.com/ Imazabe

    which this setting can work if user used idm to download some files from server ?

  • kpsolution

     This settings are in general and apply to any download on your server as long as the port and the file type matches.

  • kpsolution

     Were you opening multiple connections at same time? To test it.

    Try downloading 6 files simultaneously using your browser in 6 tabs. Make sure those are big files that would take some time to download while you opening 6 tabs.