-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathmod_limits.html
189 lines (165 loc) · 9.74 KB
/
mod_limits.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<meta http-equiv="content-type" content="text/html; charset=windows-1251">
<title>mod_limits - Apache HTTP Server</title>
<link href="css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet">
<link href="css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size">
<link href="css/manual-print.css" rel="stylesheet" media="print" type="text/css">
<link href="images/favicon.ico" rel="shortcut icon"></head>
<body>
<div id="page-header">
<p class="menu"><a href="/manual/en/mod/index.html"><br>
</a><a href="/manual/en/sitemap.html"></a></p>
<p class="apache">A Module for Apache Version 1.3.x and later</p>
</div>
<div id="path">
<br>
</div>
<div id="page-content">
<div id="preamble"><h1>Apache Module mod_limits</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="#" title="English"> en </a></p>
</div>
<table class="module"><tbody><tr><th><a href="/manual/en/mod/module-dict.html#Description">Description:</a></th>
<td>Apache module to protect against DoS using the Range header attack
<br></td></tr>
<tr><th><a href="/manual/en/mod/module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="/manual/en/mod/module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>limits_module</td></tr>
<tr><th><a href="/manual/en/mod/module-dict.html#SourceFile">Source File:</a></th><td>mod_limits.c</td></tr>
<tr><th><a href="/manual/en/mod/module-dict.html#Compatibility">Compatibility:</a></th><td>Version 1.3.x and later</td></tr></tbody></table>
<h3>Summary</h3>
<p><code class="module"><span style="text-decoration: underline;">mod_limits</span></code>
is aimed at protecting the web server during attacks.<br />
It provides a few, very usefull, functionalities:<br />
<ul>
<li>Limit the maximum number of simultaneous connections</li>
<li>Limit the maximum number of simultaneous connections per Vhost</li>
<li>Limit the maximum number of spawned processes with the same UID</li>
<li>Do not serve request if the load is over certain value</li>
</ul>
This module will not function unless mod_status is loaded and the "ExtendedStatus On" directive is set.
</p>
</div>
<br>
<div class="top"><a href="#page-header"><img alt="top" src="images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="limitmaxconnsperip" id="maxconnsperip">LimitMaxConnsPerIP Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Defines the maximum number of connections from a single IP.</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LimitMaxConnsPerIP <var>number</var> <var>(default: no limit)</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_limits</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache 2.x</td></tr>
</table>
<p>This directive sets a limit of the maximum simultaneous connections to the server or to a vhost.
<div class="example"><h3>Example</h3><p><code>
ExtendedStatus On<br />
<br />
LoadModule limits_module modules/mod_limits.so<br />
<br />
<IfModule mod_limits.c><br />
LimitMaxConnsPerIP 30<br />
</IfModule><br />
<br />
</code></p></div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="limitmaxconnspervhost" id="maxconnspervhost">LimitMaxConnsPerVhost Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Defines the maximum number of connections from a single IP to a single Vhost.</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LimitMaxConnsPerVhost <var>number</var> <var>(default: no limit)</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_limits</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache 2.x</td></tr>
</table>
<p>This directive sets a limit of the maximum simultaneous connections to a vhost.
<div class="example"><h3>Example</h3><p><code>
ExtendedStatus On<br />
<br />
LoadModule limits_module modules/mod_limits.so<br />
<br />
<IfModule mod_limits.c><br />
LimitMaxConnsPerVhost 30<br />
</IfModule><br />
<br />
</code></p></div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="limitmaxconnsperuid" id="maxconnsperuid">LimitMaxConnsPerUID Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Defines the maximum number of processes with the same UID.</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LimitMaxConnsPerUID <var>number</var> <var>(default: no limit)</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_limits</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache 2.x</td></tr>
</table>
<p>This directive sets a limit of the maximum simultaneous processes for a single UID
<div class="example"><h3>Example</h3><p><code>
ExtendedStatus On<br />
<br />
LoadModule limits_module modules/mod_limits.so<br />
<br />
<IfModule mod_limits.c><br />
LimitMaxConnsPerUID 30<br />
</IfModule><br />
<br />
</code></p></div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="limitmaxloadavg" id="limitmaxloadavg">LimitMaxLoadAVG Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Defines the maximum number of connections from a single IP.</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LimitMaxLoadAVG <var>number</var> <var>(default: no limit)</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_limits</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache 2.x</td></tr>
</table>
<p>This directive sets the maximum load average, above which files will not be served.
<div class="example"><h3>Example</h3><p><code>
ExtendedStatus On<br />
<br />
LoadModule limits_module modules/mod_limits.so<br />
<br />
<IfModule mod_limits.c><br />
LimitMaxLoadAVG 10<br />
</IfModule><br />
<br />
</code></p></div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="checkloadinterval" id="checkloadinverval">CheckLoadInterval Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Defines the time between check of the system LoadAVG(in seconds).</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CheckLoadInterval <var>number</var> <var>(default: 5 seconds)</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_limits</td></tr>
<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache 2.x</td></tr>
</table>
<p>This directive sets the amount of time that has to pass between checks of /proc/loadavg. It is pointless to be set under 5 seconds, because the kernel updates the information at most every 5 seconds.
<div class="example"><h3>Example</h3><p><code>
LoadModule limits_module modules/mod_limits.so<br />
<br />
<IfModule mod_limits.c><br />
CheckLoadInterval 5<br />
</IfModule><br />
<br />
</code></p></div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="images/up.gif"></a></div>
<div class="bottomlang"><p><span>Available Languages: </span><a href="#" title="English"> en </a></p>
</div>
<div id="footer">
<p class="apache">Copyright 2010-2016 Marian Marinov <[email protected]>.<br>
Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
</p>
</div>
</div></body></html>