Limit Number of Connections from an IP
avatar

Posted on August 5, 2011 by

One of the problems you can sometimes face with a website is people mirroring your site or search bots excessively connecting to you.  This is very easy to fix by limiting the number of connections an IP address is allowed to make.

To do this you just need to install the mod_limitipconn Apache module.  If you are using Fedora or CentOS you can easily install this module through yum:

yum install mod_limitipconn

Once it is installed it is very easy to config.  You need to add the following line to your httpd.conf file:

LoadModule limitipconn_module modules/mod_limitipconn.so

Then you just need to add in the settings for the module.  I have included some samples below:

<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 3
NoIPLimit image/*
NoIPLimit application/javascript
</Location>
<Location /phpmyadmin/*>
NoIPLimit *
</Location>
</IfModule>

The above settings consist of two parts, the location and then the settings for that location.  What is really nice is you can say certain folders are allowed more connections then others.  This is very important now that most browsers use multiple threads to download a single page.  This means that for a normal person to connect and view your website the browser may establish multiple connections.

In the above example you will see that I set the location to “/” (which means the entire site), then I say there is a MaxConnPerIP of 3, so I only want a max of three connections at a time from a single IP.  The next thing you will see is NoIPLimit image/* and NoIPLimit application/javascript.  Without these two settings multiple thread browser have a lot of problems loading pages since they often open up a connection for each of these content types plus one for the regular text on the site.  The other thing to keep in mind when doing this is that NoIPLimit is looking for a MIME type and not a path.

Now the other thing you may want to do is set section of the website where there will be no limit at all.  This is done again by setting the location (the example I used was phpmyadmin) and then saying NoIPLimit on any file type.

This entry was posted in Apache, CentOS, Fedora and tagged , , , . Bookmark the permalink.

Leave a Reply