Limit Apache requests per IP Address with mod_limitipconn

Limiting Apache requests per IP Address is always a good idea. It can prevent site issues where people attempt to DoS/DDoS you or resource hungry bots slowing your site down. Every Apache install should run mod_limitipconn which allows administrators to limit the number of simultaneous requests permitted from a single IP address. It goes very well with mod_evasive which does a very similar job but with a slightly different focus. I’ve run both with no issues. Here’s my mod_evasive threads; 2010, 2013.

Installing on CentOs/Fedora is easy. (Install the EPEL Repo)

[codesyntax lang=”bash”]
yum install mod_limitipconn

This will create you a /etc/httpd/conf.d/limitipconn.conf file. Tweak and restart Apache.

Installing from source with APXS isn’t much more difficult

[codesyntax lang=”bash”]

wget http://dominia.org/djao/limit/mod_limitipconn-0.24.tar.bz2
tar xavf mod_limitipconn-0.24.tar.bz2
cd mod_limitipconn-0.24
make install

I edited the config file/etc/httpd/conf.d/limitipconn.conf and added

[codesyntax lang=”apache”]
MaxConnPerIP 10

This simply limits all users to 10  simultaneous requests. Of course you can be clever and add options specific to directories / MIME Types and anything else supported in Apache, like this;

[codesyntax lang=”apache”]
<Location /some_folder>
MaxConnPerIP 3
NoIPLimit image/*
</Location>

or

[codesyntax lang=”apache”]
<Directory /home/*/public_html>
MaxConnPerIP 1
OnlyIPLimit audio/mpeg video
</Directory>

Check out the documentation for more information.

Author: Kieran Barnes

Kieran is a PHP developer with 15 years commercial experience. Specialist in WordPress, CakePHP, CubeCart and all things PHP.

Leave a Reply

Your email address will not be published. Required fields are marked *