Tuesday, November 24, 2009

How to set up Apache and limit access per IP - mod_limitipconn.so module

# Get Apache with the apxs2 tool
apt-get install apache2-threaded-dev

# test that apxs works
which apxs2


nano /etc/apache2/apache2.conf

and add this at the bottom:

# This command is always needed
ExtendedStatus On

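# Only needed if the module is compiled as a DSO.
# Use the full module path: a relative path such as lib/apache/ is resolved
# against ServerRoot (/etc/apache2 on Debian) and will not be found.
LoadModule limitipconn_module /usr/lib/apache2/modules/mod_limitipconn.so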

<IfModule mod_limitipconn.c>

    # Set a server-wide limit of 10 simultaneous downloads per IP,
    # no matter what.
    MaxConnPerIP 10
    <Location /somewhere>
        # This section affects all files under http://your.server/somewhere
        MaxConnPerIP 3
        # exempting images from the connection limit is often a good
        # idea if your web page has lots of inline images, since these
        # pages often generate a flurry of concurrent image requests
        NoIPLimit image/*
    </Location>

    <Directory /home/*/public_html>
        # This section affects all files under /home/*/public_html
        MaxConnPerIP 1
        # In this case, all MIME types other than audio/mpeg and video*
        # are exempt from the limit check
        OnlyIPLimit audio/mpeg video
    </Directory>
</IfModule>

# Modify the "/somewhere" to match the alias (not directory) which you are protecting.
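
To see what the three scopes above do to a given request, here is a small Python model of the limit decision. It is an added example, not code from mod_limitipconn or from the original post. The function names, the sample IPs and the list standing in for Apache's scoreboard are constructed, and it assumes connections are counted per client IP across the whole server.

```python
from fnmatch import fnmatch

# The three scopes from the configuration above.
SERVER = {"MaxConnPerIP": 10}
SOMEWHERE = {"MaxConnPerIP": 3, "NoIPLimit": ["image/*"]}
PUBLIC_HTML = {"MaxConnPerIP": 1, "OnlyIPLimit": ["audio/mpeg", "video"]}

# Constructed sample: client IP of every connection currently being served.
ACTIVE = ["203.0.113.7", "203.0.113.7", "203.0.113.7", "198.51.100.2"]


def mime_matches(content_type, patterns):
    """Match by glob (image/*) or by prefix (video covers video/mp4)."""
    ct = content_type.lower()
    return any(fnmatch(ct, p.lower()) or ct.startswith(p.lower())
               for p in patterns)


def limit_applies(content_type, scope):
    """Decide whether this response type is subject to the per-IP check."""
    if mime_matches(content_type, scope.get("NoIPLimit", [])):
        return False                      # listed types are exempt
    only = scope.get("OnlyIPLimit", [])
    if only and not mime_matches(content_type, only):
        return False                      # only listed types are checked
    return True


def allow_request(client_ip, content_type, scope, active=ACTIVE):
    """True if a new request from client_ip may proceed in this scope."""
    if not limit_applies(content_type, scope):
        return True
    # Assumption: count connections already open from this IP, server-wide.
    in_use = active.count(client_ip)
    return in_use < scope["MaxConnPerIP"]


if __name__ == "__main__":
    for ip, ctype, name, scope in [
        ("203.0.113.7", "text/html", "/somewhere", SOMEWHERE),
        ("203.0.113.7", "image/png", "/somewhere", SOMEWHERE),
        ("198.51.100.2", "video/mp4", "public_html", PUBLIC_HTML),
        ("198.51.100.2", "text/html", "public_html", PUBLIC_HTML),
        ("203.0.113.7", "application/zip", "server", SERVER),
    ]:
        verdict = "allow" if allow_request(ip, ctype, scope) else "reject"
        print(f"{ip:13} {ctype:16} {name:12} {verdict}")
```

The exemption lists cut both ways: NoIPLimit image/* keeps image-heavy pages working, but any type left out of OnlyIPLimit is never limited in that scope.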



# Add this mod at the bottom of the actions.load file:
  cd /etc/apache2/mods-available
  nano actions.load
# Add this at the end of the file:
  LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so

# edit the httpd conf (not the apache2.conf) config file:
  nano /etc/apache2/httpd.conf
# add the following 2 comments at the bottom of the file, with the pound sign in front,
# this will ensure that in the following steps, the "make install" won't barf.

# Dummy LoadModule directive to aid module installations
#LoadModule dummy_module /usr/lib/apache2/modules/mod_dummy.so




# Download the limit ip connection module and set it up
  wget http://dominia.org/djao/limit/mod_limitipconn-0.23.tar.bz2
  tar -jxvf mod_limitipconn-0.23.tar.bz2
  cd mod_limitipconn-0.23
  nano Makefile
# Look for apxs and modify it to apxs2
  make
  make install
# If the "make install" barfs with an error such as:
  apxs:Error: Activation failed for custom /etc/apache2/httpd.conf file..
  apxs:Error: At least one `LoadModule' directive already has to exist..
then you forgot to edit the httpd.conf file and add the dummy module entry (see above).
