I have two Apache instances behind a load balancer that I transfer the requests to, depending on the request type.
Now what I want: when I get too many transactions from an IP address, I want to block that IP for a few seconds and send back a response to the client saying that it has sent too many requests.
So now the question: is there any way that we can handle this situation on my load balancer rather than calling my instances?
How can I handle this on Apache? I am using Apache version 2.2.
Answers:
Method 1
I would advise you to set up mod_evasive in Apache.
mod_evasive is an evasive maneuvers module for Apache that provides
evasive action in the event of an HTTP DoS attack or brute force
attack. It is also designed to be a detection and network management
tool, and can be easily configured to talk to ipchains, firewalls,
routers, and more. mod_evasive presently reports abuse via email and
syslog facilities.
To install it in Debian:
apt-get install libapache2-mod-evasive
Then edit mods-available/evasive.conf. Your values may vary depending on how many vhosts you have on the server.
<IfModule mod_evasive20.c>
    DOSHashTableSize    2048
    # visits to site in the given time
    DOSPageCount        50
    # to pages
    DOSSiteCount        500
    # 2 seconds
    DOSPageInterval     2.0
    DOSSiteInterval     1.0
    # seconds
    DOSBlockingPeriod   600.0
    DOSLogDir           /var/log/apache2/evasive
    DOSWhitelist        127.0.0.1
    DOSWhitelist        x.x.x.*
</IfModule>
For enabling the new mod_evasive configuration, you have to restart Apache.
You might also be interested in commercial services like CloudFlare or Amazon CloudFront.
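To check thresholds like the ones in the evasive.conf above against traffic before enabling them, the following added example (not part of the original answer and not mod_evasive's own code) replays request timestamps through a model of the documented settings. The sliding-window counting, the function names and the sample IP addresses are assumptions made for illustration; the module's internal counting may differ.

```python
# Model of per-IP throttling using the threshold values from evasive.conf.
# Assumption: a sliding window per (IP, URI) and per IP; not mod_evasive's source.
from collections import defaultdict, deque

PAGE_COUNT, PAGE_INTERVAL = 50, 2.0     # DOSPageCount / DOSPageInterval
SITE_COUNT, SITE_INTERVAL = 500, 1.0    # DOSSiteCount / DOSSiteInterval
BLOCKING_PERIOD = 600.0                 # DOSBlockingPeriod
WHITELIST = {"127.0.0.1"}               # DOSWhitelist

def simulate(requests):
    """requests: (timestamp_seconds, ip, uri) tuples sorted by time.
    Returns {ip: [timestamps of requests that would be refused]}."""
    hits = defaultdict(deque)           # counter key -> recent hit times
    blocked_until = {}                  # ip -> time at which the block expires
    refused = defaultdict(list)

    def over_limit(key, now, limit, interval):
        window = hits[key]
        while window and now - window[0] >= interval:
            window.popleft()            # drop hits older than the interval
        window.append(now)
        return len(window) > limit

    for now, ip, uri in requests:
        if ip in WHITELIST:
            continue
        if blocked_until.get(ip, 0.0) > now:
            # Requests during the blocking period are refused and reset the timer.
            blocked_until[ip] = now + BLOCKING_PERIOD
            refused[ip].append(now)
            continue
        page = over_limit((ip, uri), now, PAGE_COUNT, PAGE_INTERVAL)
        site = over_limit((ip, None), now, SITE_COUNT, SITE_INTERVAL)
        if page or site:
            blocked_until[ip] = now + BLOCKING_PERIOD
            refused[ip].append(now)
    return dict(refused)

def constructed_sample():
    """Constructed traffic: a noisy client, a steady client and localhost."""
    reqs = [(i * 0.01, "203.0.113.7", "/login") for i in range(60)]       # 100 req/s
    reqs += [(i * 1.0, "198.51.100.4", "/index.html") for i in range(60)]  # 1 req/s
    reqs += [(i * 0.01, "127.0.0.1", "/status") for i in range(200)]       # whitelisted
    reqs.append((30.0, "203.0.113.7", "/other"))    # arrives while still blocked
    return sorted(reqs)

if __name__ == "__main__":
    for ip, times in simulate(constructed_sample()).items():
        print(ip, "refused", len(times), "requests, first at", times[0])
```

To tune against real traffic, feed `simulate()` tuples parsed from an access log and check that no legitimate client, such as a monitoring probe or a NAT gateway shared by many users, appears in the result.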
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.