How to rate-limit Apache server on IP basis?

I currently have a custom implementation in PHP/MySQL that keeps track of web hits and blocks those that exceed a certain rate for the same IP. I.e. if a given source IP hits the server more than X times in the last Y seconds, then it will be served a redirect to a predefined location Z and the normal request processing will be aborted.

It works OK, but puts significant stress on MySQL.

So I was wondering if there is a special tool for this available? Maybe an Apache module or some kind of filter?


The best

  • mod_evasive (Focused more on reducing DoS exposure)
  • mod_cband (Best featured for 'normal' bandwidth control)

and the rest

  • mod_limitipconn
  • mod_bw
  • mod_bwshare

One more option - mod_qos

Not simple to configure - but powerful.

http://opensource.adnovum.ch/mod_qos/
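A minimal mod_evasive configuration for the first option above, added here as an example; it is not part of the original answer or of the mod_evasive project. The LoadModule path, the module name (mod_evasive20 on Apache 2.2, mod_evasive24 on many 2.4 builds), the log directory and the whitelist ranges are assumptions to adapt; the thresholds are illustrative starting points. Note two differences from the PHP/MySQL scheme in the question: mod_evasive answers an offending client with HTTP 403 rather than a redirect, and it keeps its hit table per Apache child process, so counts are not shared across prefork children.

```apache
# Added example (not the original answer's code): per-IP limiting with mod_evasive.
# Apache only honours '#' at the start of a line, so comments sit on their own lines.
# Assumed path/name; check your distribution (e.g. mod_evasive24.so on Apache 2.4).
LoadModule evasive20_module modules/mod_evasive20.so

<IfModule mod_evasive20.c>
    # Size of the per-child hash table of recent (client, URI) hits.
    DOSHashTableSize    3097

    # More than DOSPageCount requests for the SAME URI from one IP
    # within DOSPageInterval seconds -> client is blocked.
    DOSPageCount        5
    DOSPageInterval     1

    # More than DOSSiteCount requests for ANY URI from one IP
    # within DOSSiteInterval seconds -> client is blocked.
    DOSSiteCount        50
    DOSSiteInterval     1

    # Seconds a blocked IP keeps receiving 403; the timer restarts on every
    # further request from that IP while it is blocked.
    DOSBlockingPeriod   60

    # Assumed directory; it must exist and be writable by the Apache user.
    DOSLogDir           "/var/log/mod_evasive"

    # Never block the local host, monitoring, or an upstream proxy/load balancer.
    # Assumed ranges; wildcards are allowed in the trailing octets.
    DOSWhitelist        127.0.0.1
    DOSWhitelist        192.168.1.*
</IfModule>
```

Run `apachectl configtest` before reloading. If Apache sits behind a reverse proxy or load balancer, every request arrives from the proxy's address, so configure mod_remoteip (Apache 2.4) to recover the client IP first, otherwise the proxy itself gets blocked.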


You may be able to do this at a lower level with iptables and bypass Apache/MySQL altogether... match and forward to another host/port? I have only dropped:

# SSH example (port 22); for web traffic the same pair applies to --dport 80/443.
# Both rules use -I, so the second command ends up ABOVE the first in the chain:
# the hitcount check runs first, and an address that does not match falls through
# to --set, which records it in the 'recent' list (default list name DEFAULT).
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
# Drop a NEW connection from an address already seen 6 times in the last 60 s;
# --update also refreshes its timestamp, so a source that keeps retrying stays blocked.
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 -j DROP