Mod_Throttle for DA
Date: July 29, 2004
Tested on FreeBSD 4.10
-------------------------------------------------------
1. Download and unpack mod_throttle
wget http://www.snert.com/Software/mod_throttle/mod_throttle312.tgz
tar -zxf mod_throttle132
2. Make a second level backup of the httpd.conf because the compile will rewrite it. It will make a backup with httpd.conf.bak so this is just a precausionary measure since I don't like my programs rewriting any config files without warning me ahead of time.
3. Build DSO module
cd (pathto)/mod_throttle-1.3
make install
4. Restore backed up httpd.conf otherwise any changes you have made to it will be lost
5. Modify the httpd.conf file with the following. The httpd.conf DA used will probably have some of this. Make sure the following is already in there, if its not put it in the correct locations.
and
Now add the following:
6. Save the httpd.conf file and restart apache
FreeBSD: /usr/local/etc/rc.d/httpd restart
RedHat: /sbin/service httpd restart
7. Test and see if it work!
www.yourdomain.com/throttle-status
If there is information there you can not set up mod_throttle to do what it was meant for.
Configuration Instructions can be found here:
http://www.snert.com/Software/mod_throttle/#Configuration
--------------------------------------------------------------------------
Sub-How-To
A requested feature is how to limit the number of accesses from a single ip, here is how you do it.
1. Setting the Policy for the entire server to only allow 10 requests from a single ip address in a 5 minute period
Open the httpd.conf file again and change the "ThrottlePolicy none" line to
ThrottleClientIP 100 Request 10 5m
After 5 requests within a 5 minute period the user will receive a 503 Service temporarily Unavailable error message
What does it mean?
This is the format that is used
ThrottleClientIP size policy limit period
Size = The size of the list The period of time that a client IP address is tracked depends on the size of the client IP address list, which is ordered most recent request to oldest. Every time a new client IP address connects, the oldest entry in the list is lost and reassigned to the new client IP address. Every time an existing entry makes a request, it is moved to the top of the list.
policy = The Policy we wanted to use. In this How-To we used the request policy to limit the number of requests. The number to limit to is in the limit section=
limit = The limit that applies to the policy
period = The period is a number followed by an optional suffix s, m, h, d, or w for seconds, minutes, hours, days, or weeks respectively. When no suffix is given the default is seconds.
Please visit http://www.snert.com/Software/mod_throttle for a complete list of policies that you can use.
Date: July 29, 2004
Tested on FreeBSD 4.10
-------------------------------------------------------
1. Download and unpack mod_throttle
wget http://www.snert.com/Software/mod_throttle/mod_throttle312.tgz
tar -zxf mod_throttle132
2. Make a second level backup of the httpd.conf because the compile will rewrite it. It will make a backup with httpd.conf.bak so this is just a precausionary measure since I don't like my programs rewriting any config files without warning me ahead of time.
3. Build DSO module
cd (pathto)/mod_throttle-1.3
make install
4. Restore backed up httpd.conf otherwise any changes you have made to it will be lost
5. Modify the httpd.conf file with the following. The httpd.conf DA used will probably have some of this. Make sure the following is already in there, if its not put it in the correct locations.
Code:
[b]<IfDefine HAVE_THROTTLE>
LoadModule throttle_module modules/mod_throttle.so
</IfDefine>[/b]
Code:
[b]<IfDefine HAVE_THROTTLE>
AddModule mod_throttle.c
</IfDefine>
[/b]
Now add the following:
Code:
[b]
<IfModule mod_throttle.c>
ThrottlePolicy none
<Location /throttle-status>
SetHandler throttle-status
</Location>
<Location /throttle-me>
SetHandler throttle-me
</Location
<Location /~*/throttle-me>
SetHandler throttle-me
</Location>
</IfModule>[/b]
FreeBSD: /usr/local/etc/rc.d/httpd restart
RedHat: /sbin/service httpd restart
7. Test and see if it work!
www.yourdomain.com/throttle-status
If there is information there you can not set up mod_throttle to do what it was meant for.
Configuration Instructions can be found here:
http://www.snert.com/Software/mod_throttle/#Configuration
--------------------------------------------------------------------------
Sub-How-To
A requested feature is how to limit the number of accesses from a single ip, here is how you do it.
1. Setting the Policy for the entire server to only allow 10 requests from a single ip address in a 5 minute period
Open the httpd.conf file again and change the "ThrottlePolicy none" line to
ThrottleClientIP 100 Request 10 5m
After 5 requests within a 5 minute period the user will receive a 503 Service temporarily Unavailable error message
What does it mean?
This is the format that is used
ThrottleClientIP size policy limit period
Size = The size of the list The period of time that a client IP address is tracked depends on the size of the client IP address list, which is ordered most recent request to oldest. Every time a new client IP address connects, the oldest entry in the list is lost and reassigned to the new client IP address. Every time an existing entry makes a request, it is moved to the top of the list.
policy = The Policy we wanted to use. In this How-To we used the request policy to limit the number of requests. The number to limit to is in the limit section=
limit = The limit that applies to the policy
period = The period is a number followed by an optional suffix s, m, h, d, or w for seconds, minutes, hours, days, or weeks respectively. When no suffix is given the default is seconds.
Please visit http://www.snert.com/Software/mod_throttle for a complete list of policies that you can use.
Last edited: