Updated : Aug 25, 2015 in Apache

Limiting the number of connected clients on a VirtualHost in Apache

Problem:
When a DDOS attack or a burst of requests are coming at the same time in my Apache2 Web server, the whole server can run out of RAM and crash.

Possible solution:
Limit the number of simultaneous connections to your Web server per VirtualHost

Method: One simple and effective method done directly on the Apache web server is by using the modules : mod_bw(mod_bandwidth) and mod_vhost_limit. I prefer the mod_vhost_limit since it is much easier to configure and has proved more effective according to my tests.

Environment:
Compatible with Apache 2.2 xx and Apache 2.4.xx.
Note:For Apache 2.4.xx, a ‘Patching’ of the original source code must be done before compiling the module.

Steps:
Install the build environment tools:
apt-get install build-essential apache2-dev
Download the module sources and extract it.
wget http://apache.ivn.cl/files/source/mod_vhost_limit-0.2.tgz
tar fvxz mod_vhost_limit-0.2.tgz

ONLY FOR Apache 2.4.xx
Getting the patch and patching the original source.
Ref: https://github.com/pld-linux/apache-mod_vhost_limit
wget https://github.com/pld-linux/apache-mod_vhost_limit/archive/master.zip
unzip master.zip
cp apache-mod_vhost_limit-master/* mod_vhost_limit-0.2/
cd mod_vhost_limit-0.2/
patch mod_vhost_limit.c < mod_vhost_limit-apache24.patch
cd ..

FOR BOTH Apache 2.2..xx and Apache 2.4.xx
Compile, install and enable the module:
cd mod_vhost_limit-0.2
/usr/bin/apxs2 -i -a -c mod_vhost_limit.c
service apache2 restart

Use the module in a VirtualHost configuration:
<VirtualHost ......>
...........
# Limits the concurrent requests to 1000 for this vhost
<IfModule vhost_limit_module>
MaxVhostClients 1000
</IfModule>
...........
</VirtualHost>

3 Comments

  • I wonder if it would be possible to set a greater MaxVhostClients value than the global MaxClients? If you for instance have a single site on your server, that needs a higher value than the rest.

    1. Well as far as I can remember I did the research and it WAS limiting the number of simultaneous connections to a VirtualHost with the proper configuration. Now since Apache 2.4 which bears many changes to the older 2.2 I don’t know how the module would behave. I did the tests within a project when I was working for a big company and the results were very good. Now that I’m self employed and don’t have the time to verify it again. So if any of you finds more information about the subject or even alternatives that work for the Apache 2.4 I would be very glad to hear about it.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: