How to Limit Requests Per IP in Apache


Attackers can bring down your website by sending too many requests from a single IP or a group of IPs in a very short time. This is called a Denial-of-Service (DoS) attack and can hurt your website. Apache provides the mod_evasive module, which allows you to prevent such DoS attacks. Here’s how to limit requests per IP in Apache so your site doesn’t get overwhelmed by such attacks.


How to Limit Requests Per IP in Apache

Here are the steps to limit requests per IP in Apache using the mod_evasive module. You basically set a limit on the number of requests an IP can make in a given interval of time.


1. Install mod_evasive

Open a terminal or SSH into your system as root and run the following commands:

tar xzf mod_evasive_1.10.1.tar.gz
cd mod_evasive
apxs -cia mod_evasive20.c


2. Configure mod_evasive

Here’s the default config of mod_evasive

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60


Let’s look at each parameter in detail:

  • DOSHashTableSize – size of the hash table used by mod_evasive to track who’s accessing what. The larger the number, the faster the look-up of each visitor’s browsing history. However, it comes at the cost of more memory.
  • DOSPageCount – number of identical requests to a specific URI that a visitor can make over the DOSPageInterval interval (in seconds).
  • DOSSiteCount – similar to DOSPageCount, but how many total requests a visitor can make to your site over the DOSSiteInterval interval (in seconds).

If a site visitor exceeds any of these limits, they will be blacklisted for a specified amount of time (DOSBlockingPeriod). During that time interval, any request they make will return a 403 Forbidden error.

You can even set up email notifications with DOSEmailNotify (sends via mail) to get alerted every time someone gets blacklisted. This will help you determine if your limits are too strict. Also, if your server logs show an excess of 403 Forbidden responses then you might be blocking legitimate visitors.
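To judge whether a set of limits is too strict before enabling it, the following added example (not part of the original article and not mod_evasive's own code) replays access-log lines against proposed values and counts the requests each IP would have had answered with 403. It is a simplified fixed-window model of the limits as described above; the function names, the constructed sample log lines and the assumption that a block lasts exactly DOSBlockingPeriod seconds from the triggering request are illustrative.

```python
import re
from datetime import datetime

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login.php HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login.php HTTP/1.1" 200 512
198.51.100.4 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 2048
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login.php HTTP/1.1" 200 512
198.51.100.4 - - [10/Oct/2023:13:55:37 +0000] "GET /about HTTP/1.1" 200 2048
203.0.113.7 - - [10/Oct/2023:13:55:46 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [10/Oct/2023:13:56:40 +0000] "GET /index.html HTTP/1.1" 200 1024
""".splitlines()

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def parse(line):
    """Return (ip, epoch_seconds, path) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    # Assumption: the query string is ignored when comparing URIs.
    return m.group(1), int(ts), m.group(3).split("?")[0]

def replay(lines, page_count=2, page_interval=1, site_count=50,
           site_interval=1, blocking_period=60):
    """Return {ip: number of requests that would have been answered with 403}."""
    windows, blocked_until, denied = {}, {}, {}
    for ip, t, path in filter(None, map(parse, lines)):
        if blocked_until.get(ip, 0) > t:          # still inside the blocking period
            denied[ip] = denied.get(ip, 0) + 1
            continue
        over = False
        for key, limit, interval in (((ip, path), page_count, page_interval),
                                     ((ip, None), site_count, site_interval)):
            start, count = windows.get(key, (t, 0))
            if t - start >= interval:             # window expired: start a new one
                start, count = t, 0
            windows[key] = (start, count + 1)
            over = over or count + 1 > limit
        if over:                                  # limit exceeded: block and deny
            blocked_until[ip] = t + blocking_period
            denied[ip] = denied.get(ip, 0) + 1
    return denied

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

Feed it the lines of your own access log with the values you plan to deploy; IPs of known-good clients that show up in the result indicate limits that are too tight.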


3. Sample Configuration

Here’s a sample configuration that you can use for your website/web application. Add this to the bottom of your Apache config file.

Open Apache config file in a text editor

Ubuntu / Linux Mint

$ sudo vim /etc/apache2/apache2.conf



$ sudo vim /etc/apache2/httpd.conf


Feel free to customize it as per your requirement.

# Rate limiting
# Learn more at
<IfModule mod_evasive20.c>
 # The hash table size defines the number of top-level nodes for each child's
 # hash table. Increasing this number will provide faster performance by
 # decreasing the number of iterations required to get to the record, but
 # consume more memory for table space. You should increase this if you have
 # a busy web server. The value you specify will automatically be tiered up
 # to the next prime number in the primes list (see mod_evasive.c for a list
 # of primes used).
 DOSHashTableSize 3097

 # If set, this email address will receive a notification whenever an IP
 # address becomes blacklisted. A locking mechanism prevents continuous
 # emails from being sent.

 # NOTE: The following settings apply on a per-IP address basis.

 # Allow up to 2 requests for the same URI per second:
 DOSPageInterval 1
 DOSPageCount 2

 # Allow up to 50 requests across the site per second:
 DOSSiteInterval 1
 DOSSiteCount 50

 # Once the client is blacklisted, prevent them from accessing the site
 # for 60 seconds:
 DOSBlockingPeriod 60
</IfModule>


4. Restart Apache Web Server

Restart Apache web server to apply changes


/etc/init.d/httpd restart 



sudo /etc/init.d/apache2 restart 






About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses.