Limit PHP requests per IP

Driesp

Hello

We have seen occasional crawlers, possibly searching for vulnerabilities, requesting many PHP pages at once on different domains.
This causes load to spike, and eventually long (>10 seconds) load times for legitimate requests.

I was wondering if there is an Apache module that could limit PHP process requests per remote IP.
For example: 4 PHP requests at once per IP; consecutive requests should be queued for later processing.
And excluding other requests (like CSS, images, HTML, ...).

This should be a sort of QOS-like system to prevent overloading.

Thank you in advance.

Kind regards
Dries
 
Hi

Anyone familiar with this approach?

mod_limitipconn: http://dominia.org/djao/limitipconn2.html

Code:
<IfModule mod_limitipconn.c>
    # Set a server-wide limit of 10 simultaneous downloads per IP,
    # no matter what.
    MaxConnPerIP 10
    # In this case, all MIME types other than text/html
    # are exempt from the limit check
    OnlyIPLimit text/html
</IfModule>
 
To limit only PHP files, add mod_limitipconn and set it up as:

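<IfModule mod_limitipconn.c>
    # At most 10 simultaneous connections per client IP
    MaxConnPerIP 10
    # Apply the limit only to requests with this MIME type
    OnlyIPLimit application/x-php
</IfModule>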

That will limit up to 10 simultaneous connections per IP.

Please note that you should not expect a lot of improvement. Your firewall should already be limited to something like a 25 or 50 global limit per IP. If not, set up your firewall first, test, then go with the Apache modules.
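
Added example, not part of the thread: before picking a MaxConnPerIP value, it helps to measure how many PHP requests each client IP actually had in flight at once, so the limit catches the crawlers without hitting normal visitors. The sketch assumes an access log in combined format with %D (microseconds taken) appended; the log format, sample lines and function names are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed LogFormat (not from the thread): combined format with %D appended.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" \d{3} \S+ "[^"]*" "[^"]*" (?P<usec>\d+)$')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = """\
203.0.113.7 - - [12/Mar/2024:10:00:00 +0000] "GET /a/index.php HTTP/1.1" 200 512 "-" "crawler" 4000000
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /b/login.php?x=1 HTTP/1.1" 200 512 "-" "crawler" 4000000
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /c/admin.php HTTP/1.1" 404 210 "-" "crawler" 3000000
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "GET /style.css HTTP/1.1" 200 900 "-" "crawler" 9000000
198.51.100.20 - - [12/Mar/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "browser" 500000
198.51.100.20 - - [12/Mar/2024:10:00:03 +0000] "GET /page.php HTTP/1.1" 200 512 "-" "browser" 500000
""".splitlines()

def peak_php_concurrency(lines):
    """Return {ip: peak number of overlapping .php requests}."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        if not m["path"].split("?", 1)[0].lower().endswith(".php"):
            continue  # CSS, images, HTML are exempt, as with OnlyIPLimit
        # %t has one-second resolution, so overlap is slightly overestimated.
        start = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        end = start + timedelta(microseconds=int(m["usec"]))
        events[m["ip"]] += [(start, 1), (end, -1)]
    peaks = {}
    for ip, evs in events.items():
        current = peak = 0
        # At equal timestamps an end (-1) sorts before a start (+1), so
        # back-to-back requests are not counted as overlapping.
        for _, delta in sorted(evs):
            current += delta
            peak = max(peak, current)
        peaks[ip] = peak
    return peaks

def over_limit(lines, max_conn_per_ip):
    """IPs whose peak PHP concurrency would have exceeded the limit."""
    peaks = peak_php_concurrency(lines)
    return {ip: p for ip, p in peaks.items() if p > max_conn_per_ip}

if __name__ == "__main__":
    print(over_limit(SAMPLE, 2))
```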
 