limit max number of simultaneous connections from same ip

Is there a way to limit the max number of httpd connections from a single
ip?

For example:

tcp 0 30492 207.36.86.205:80 162.84.172.175:50784
ESTABLISHED 31208/httpd
tcp 0 33396 207.36.86.205:80 162.84.172.175:50785
ESTABLISHED 14245/httpd
tcp 0 0 207.36.86.205:80 162.84.172.175:50782
ESTABLISHED 19402/httpd

Limit 162.84.172.175 to only make one connection?


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: limit max number of simultaneous connections fromsame ip

--------------050809000707080908000109
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Hello,

Anton Krall wrote:
> Is there a way to limit the max number of httpd connections from a single
> ip?
There is : just use iptables. Other than that, looking at your log, your
situation is very normal : usually web browsers open about 4 concurrent
connections when it has to fetch pictures related to a webpage... So it
might be a bad idea to try to limit concurrent connections to only 1
serverside.

>
> For example:
>
> tcp 0 30492 207.36.86.205:80 162.84.172.175:50784
> ESTABLISHED 31208/httpd
> tcp 0 33396 207.36.86.205:80 162.84.172.175:50785
> ESTABLISHED 14245/httpd
> tcp 0 0 207.36.86.205:80 162.84.172.175:50782
> ESTABLISHED 19402/httpd
>
> Limit 162.84.172.175 to only make one connection?
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


--
Jean-Christophe Montigny
Responsable Commission Web, Association Planètes
Responsable serveurs assoces.com, Association Planètes
Etudiant de deuxième année à Grenoble Ecole de Management
Majeure Conseil en Organisation des Systèmes d'Information

--------------050809000707080908000109
Content-Type: text/x-vcard; charset=utf-8;
name="jcm.vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="jcm.vcf"

begin:vcard
fn:Jean-Christophe Montigny
n:Montigny;Jean-Christophe
org;quoted-printable:Association Pl@nètes
adr;quoted-printable:;;12, rue Pierre Sémard;Grenoble;FR;38000;France
email;internet:jcm@assoces.com
title:Responsable Com Web
x-mozilla-html:FALSE
url:http://planetes.assoces.com/
version:2.1
end:vcard



--------------050809000707080908000109
Content-Type: text/plain; charset=us-ascii

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
--------------050809000707080908000109--

Re: limit max number of simultaneous connections from same ip

On 10/24/05, Jean-Christophe Montigny wrote:
> Hello,
>
> Anton Krall wrote:
> > Is there a way to limit the max number of httpd connections from a sing=
le
> > ip?
> There is : just use iptables. Other than that, looking at your log, your
> situation is very normal : usually web browsers open about 4 concurrent
> connections when it has to fetch pictures related to a webpage... So it
> might be a bad idea to try to limit concurrent connections to only 1
> serverside.

There are also various third-party modules like mod_ip_count and
mod_throttle. But I agree with the other caveats mentioned by
Jean-Christophe.

Joshua.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: limit max number of simultaneous connections from same ip

Can you limit connections per IP for downloading certain filetypes or from
certain directories?

|-----Original Message-----
|From: Joshua Slive [mailto:jslive@gmail.com]
|Sent: Monday, October 24, 2005 8:33 AM
|To: users@httpd.apache.org
|Subject: Re: [users@httpd] limit max number of simultaneous
|connections from same ip
|
|On 10/24/05, Jean-Christophe Montigny wrote:
|> Hello,
|>
|> Anton Krall wrote:
|> > Is there a way to limit the max number of httpd connections from a
|> > single ip?
|> There is : just use iptables. Other than that, looking at your log,
|> your situation is very normal : usually web browsers open about 4
|> concurrent connections when it has to fetch pictures related to a
|> webpage... So it might be a bad idea to try to limit concurrent
|> connections to only 1 serverside.
|
|There are also various third-party modules like mod_ip_count
|and mod_throttle. But I agree with the other caveats
|mentioned by Jean-Christophe.
|
|Joshua.
|
|----------------------------------------------------------- ----------
|The official User-To-User support forum of the Apache HTTP
|Server Project.
|See for more info.
|To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
| " from the digest: users-digest-unsubscribe@httpd.apache.org
|For additional commands, e-mail: users-help@httpd.apache.org
|
|


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: limit max number of simultaneous connections from same ip

On Sunday 23 October 2005 21:09, Anton Krall wrote:
> Is there a way to limit the max number of httpd connections from a single
> ip?
>
> For example:
>
> tcp 0 30492 207.36.86.205:80 162.84.172.175:50784
> ESTABLISHED 31208/httpd
> tcp 0 33396 207.36.86.205:80 162.84.172.175:50785
> ESTABLISHED 14245/httpd
> tcp 0 0 207.36.86.205:80 162.84.172.175:50782
> ESTABLISHED 19402/httpd
>
> Limit 162.84.172.175 to only make one connection?

To add to the comments of others, you also have the situation where several
users (possibly hundreds, or thousands: see AOL) are behind a single proxy,
which has a single IP, so you would limit all those users to one connection
to your web server. Not a good idea.

j----- k-----

--
Joshua Kugler
CDE System Administrator
http://distance.uaf.edu/

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: limit max number of simultaneous connections from same ip

I found a mod that lets you set an IP limit on a per auth user basis, which
is exactly what I was looking for, it also let you set an IP limit on unauth
users but that's exactly what we wanted to avoid so it works great in this
form:


Dir1 which has all the images and html files
-> dir2 which has some files inside and its protected by .htaccess

So.. Anybody has any number of connections on the open dir but as soon as
they try to take something from dir2, the auth system asks for a user and
then limit the user to only on connection to that dir but no dir1.

Works like a charm...

If anybody needs to do something like this, the mod is called mod_choke and
can be found here:

http://os.cyberheatinc.com/mod_choke.php

Made by Nathan Shafer
Great work!



|-----Original Message-----
|From: Joshua Kugler [mailto:joshua.kugler@uaf.edu]
|Sent: Tuesday, October 25, 2005 2:00 PM
|To: users@httpd.apache.org
|Subject: Re: [users@httpd] limit max number of simultaneous
|connections from same ip
|
|On Sunday 23 October 2005 21:09, Anton Krall wrote:
|> Is there a way to limit the max number of httpd connections from a
|> single ip?
|>
|> For example:
|>
|> tcp 0 30492 207.36.86.205:80 162.84.172.175:50784
|> ESTABLISHED 31208/httpd
|> tcp 0 33396 207.36.86.205:80 162.84.172.175:50785
|> ESTABLISHED 14245/httpd
|> tcp 0 0 207.36.86.205:80 162.84.172.175:50782
|> ESTABLISHED 19402/httpd
|>
|> Limit 162.84.172.175 to only make one connection?
|
|To add to the comments of others, you also have the situation
|where several users (possibly hundreds, or thousands: see AOL)
|are behind a single proxy, which has a single IP, so you would
|limit all those users to one connection to your web server.
|Not a good idea.
|
|j----- k-----
|
|--
|Joshua Kugler
|CDE System Administrator
|http://distance.uaf.edu/
|
|----------------------------------------------------------- ----------
|The official User-To-User support forum of the Apache HTTP
|Server Project.
|See for more info.
|To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
| " from the digest: users-digest-unsubscribe@httpd.apache.org
|For additional commands, e-mail: users-help@httpd.apache.org
|
|


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org