
Apache 1.3: Limiting Bandwidth by IP

Installation steps:
   /usr/local/apache/bin/apxs -c -i -a mod_limitipconn.c
   Create the directories:
   mkdir -p /tmp/apachebw/link /tmp/apachebw/master

Add to httpd.conf:
ExtendedStatus On                             
  
<IfDefine HAVE_BANDWIDTH>
LoadModule bandwidth_module modules/mod_bandwidth.so
</IfDefine>
<IfDefine HAVE_BANDWIDTH>
AddModule mod_bandwidth.c
</IfDefine>

<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 4
</Location>
</IfModule>
<IfModule mod_bandwidth.c>
BandWidthDataDir "/tmp/apachebw"
BandWidthModule on
#BandWidthPulse 2
</IfModule>
<Directory /usr/local/apache1.3/htdocs>
BandWidth 10.5.3.70 10000
#BandWidth all 100
</Directory>

-------------------------------------------------------

Reference documentation:
mod_limitipconn.c
David Jao <djao@dominia.org>
Proxy tracking by Jonathan J. Miner <miner@doit.wisc.edu>
Apache C module to limit the maximum number of simultaneous connections
per IP address. Allows inclusion and exclusion of files based on MIME
type.
Example configuration:

ExtendedStatus On
# Only needed if the module is compiled as a DSO
LoadModule limitipconn_module lib/apache/mod_limitipconn.so
AddModule mod_limitipconn.c
<IfModule mod_limitipconn.c>
    <Location /somewhere>
        MaxConnPerIP 3
        # exempting images from the connection limit is often a good
        # idea if your web page has lots of inline images, since these
        # pages often generate a flurry of concurrent image requests
        NoIPLimit image/*
    </Location>
    <Location /mp3>
        MaxConnPerIP 1
        # In this case, all MIME types other than audio/mpeg and video*
        # are exempt from the limit check
        OnlyIPLimit audio/mpeg video
    </Location>
</IfModule>
---------------------------------------------------------------------------
Notes:
  This module will not function unless mod_status is loaded and the
  "ExtendedStatus On" directive is set.
  The limits defined by mod_limitipconn.c apply to all IP addresses
  connecting to your Apache server. Currently there is no way to set
  different limits for different IP addresses.
  Connections in excess of the limit result in a stock 503 Service
  Temporarily Unavailable response. The job of returning a more useful
  error message to the client is left as an exercise for the reader.
  mod_limitipconn sets the LIMITIP environment variable to 1 whenever a
  download is denied on the basis of too high an IP count. You can use
  this variable to distinguish accesses that have been denied by this
  module. For example, a line like
      CustomLog /var/log/httpd/access_log common env=!LIMITIP
  in httpd.conf can be used to suppress logging of denied connections
  from /var/log/httpd/access_log. (Note that, if you want to do this,
  you'll probably also want to comment out the ap_log lines from
  mod_limitipconn.c to suppress error_log lines as well.)
Proxy client tracking
  By default, all clients behind a proxy are treated as coming from the
  proxy server's IP address. If you patch Apache with the included patch
  and configure with --with-forward and rebuild, the real IP addresses
  of clients behind proxies are correctly detected.  You will need to
  either compile statically or compile with -DRECORD_FORWARD.
  If you don't patch the server, DO NOT compile with RECORD_FORWARD
  defined. The module will still function, but it will not recognize
  clients behind proxies.
***************************************************************************************************************************
Mod_bandwidth documentation
Installation :
WARNING: It is very important to give the lowest priority to mod_bandwidth so other modules will have the time to do their job before the documents are transmitted! For that reason, it is important to follow these steps:

APACI installation
Copy the file mod_bandwidth.c to your Apache source directory.
Run the ./configure script with the following directives : --add-module=mod_bandwidth.c \
--permute-module=BEGIN:bandwidth
Compile and install Apache.
APXS installation
Compile the module with :
/path_to_apache/bin/apxs -c /path/mod_bandwidth.c -o /path_to_apache/libexec/mod_bandwidth.so
Add the following lines to your httpd.conf file :
LoadModule bandwidth_module libexec/mod_bandwidth.so
AddModule mod_bandwidth.c
Those directives should be placed at the beginning of the list so that the module will be given the lowest priority and be executed after other modules.

Manual installation
Copy the file mod_bandwidth.c to the "src/modules/extra" directory of your Apache sources.
Copy the "src/Configuration.tmpl" file to "src/Configuration"
Edit the "src/Configuration" file and add near the beginning :
AddModule modules/extra/mod_bandwidth.o
(This is the reverse of old Apache versions)
Run the "./Configure" script
Compile and install Apache
Create the needed directories and make sure that they are "read/write/execute" for the user under which Apache runs. By default, mod_bandwidth uses the following directories but they can be changed using the BandWidthDataDir configuration directive:
/tmp/apachebw
/tmp/apachebw/link
/tmp/apachebw/master
Note that if any of those directories doesn't exist, or if they can't be accessed by the server, the module is totally disabled except for logging an error message in the logfile.
Be careful that on some systems the content of the /tmp directory is deleted at boot time or every so often by a cronjob. If that is the case, either disable this feature or change the location of the directories used by the module using the BandWidthDataDir configuration directive.
Global configuration directives :

BandWidthDataDir
Syntax : BandWidthDataDir <directory>
Default : "/tmp/apachebw"
Context : server config
Sets the name of the root directory used by mod_bandwidth to store its internal temporary information. Don't forget to create the needed directories : <directory>/master and <directory>/link

BandWidthModule
Syntax : BandWidthModule <On|Off>
Default : Off
Context : per server config
Totally enable or disable the whole module. By default, the module is disabled so it is safe to compile it in the server anyway.
PLEASE, NOTE THAT IF YOU SET A BANDWIDTH LIMIT INSIDE A VIRTUALHOST BLOCK, YOU ALSO __NEED__ TO PUT THE "BandWidthModule On" DIRECTIVE INSIDE THAT VIRTUALHOST BLOCK !
IF YOU SET BANDWIDTH LIMITS INSIDE DIRECTORY BLOCKS (OUTSIDE OF ANY VIRTUALHOST BLOCK), YOU ONLY NEED TO PUT THE "BandWidthModule On" DIRECTIVE ONCE, OUTSIDE OF ANY VIRTUALHOST OR DIRECTORY BLOCK.

BandWidthPulse
Syntax : BandWidthPulse <microseconds>
Default :
Context : per server config
Change the algorithm used to calculate bandwidth and transmit data. In normal mode (old mode), the module tries to transmit data in packets of 1KB. That means that if the bandwidth available is of 512B, the module will transmit 1KB, wait 2 seconds, transmit another 1KB and so on.
Setting a value with "BandWidthPulse" will change the algorithm so that the server will always wait the same amount of time between sending packets but the size of the packets will change. The value is in microseconds. For example, if you set "BandWidthPulse 1000000" (1 sec) and the bandwidth available is of 512B, the server will transmit 512B, wait 1 second, transmit 512B and so on.
The advantage is a smoother flow of data. The disadvantage is a bigger overhead of data transmitted for packet header. Setting too small a value (below 1/5 of a sec) is not really useful and will put more load on the system and generate more traffic for packet header.
Note also that the operating system may do some buffering on its own and so defeat the purpose of setting small values.
This may be very useful on especially crowded network connection : In normal mode, several seconds may happen between the sending of a full packet. This may lead to timeout or people may believe that the connection is hanging. Setting a value of 1000000 (1 sec) would guarantee that some data are sent every second...

Directory / VirtualServer configuration directives
BandWidth
Syntax : BandWidth <domain|ip|all> <rate>
Default : none
Context : per directory, .htaccess
Limit the bandwidth for files in this directory and sub-directories based on the remote host <domain> or <ip> address or for <all> remote hosts.
IP addresses may now be specified in the network/mask format (i.e. 192.168.0.0/21).
The <rate> is in Bytes/second. A <rate> of "0" means no bandwidth limit.
Several BandWidth limits can be set for the same directory to set different limits for different hosts. In this case, the order of the "BandWidth" keywords is important as the module will take the first entry which matches the client address.
Example :
<Directory /home/www>
BandWidth ecp.fr 0
BandWidth 138.195 0
BandWidth all 1024
</Directory>


This will limit the bandwidth for directory /home/www and all its subdirectories to 1024Bytes/sec, except for .ecp.fr or 138.195.. where no limit is set.

LargeFileLimit
Syntax : LargeFileLimit <filesize> <rate>
Default : none
Context : per directory, .htaccess
Set a maximal <rate> (in bytes/sec) to use when transferring a file of <filesize> KBytes or more.
Several "LargeFileLimit" can be set for various file sizes to create ranges. The rate used for a given file size will be the one of the matching range.
A <rate> of "0" means that there isn't any limit based on the size.
A <rate> of "-1" means that there isn't any limit for that type of file. It overrides even a BandWidth limit. I found this useful to give priority to very small files (html pages, very small pictures) while setting limits for larger files... (users with their video files can go to hell !)
Example :
If the following limits are set :
LargeFileLimit 200 3072
LargeFileLimit 1024 2048
That means that a file of less than 200KBytes won't be limited based on its size. A file with a size between 200KBytes (included) and 1023Kbytes (included) will be limited to 3072Bytes/sec and a file of 1024Kbytes or more will be limited to 2048Bytes/sec.

MaxConnection
Syntax : MaxConnection <connections>
Default : 0 (unlimited)
Context : per directory, .htaccess
Restrict the maximum number of simultaneous connections. If the limit is reached, new connections will be rejected. A value of 0 means that there isn't any limit.

MinBandWidth
Syntax : MinBandWidth <domain|ip|all> <rate>
Default : all 256
Context : per directory, .htaccess
Set a minimal bandwidth to use for transferring data. This over-rides both BandWidth and LargeFileLimit rules as well as the calculated rate based on the number of connections.
The first argument is used in the same way as the first argument of BandWidth.
<rate> is in bytes per second.
A rate of "0" explicitly means to use the default minimal value (256 Bytes/sec).
A rate of "-1" means that the minimal rate is equal to the actual rate defined by BandWidth and LargeFileLimit. In fact, that means that the final rate won't depend on the number of connections but only on what was defined.
Example :
If BandWidth is set to "3072" (3KBytes/sec) and MinBandWidth is set to "1024" (1KBytes/sec) that means :
- if there is one connection, the file will be transferred at 3072 Bytes/sec.
- if there are two connections, each file will be transferred at 1536 Bytes/sec.
- if there are three or more connections, each file will be transferred at 1024 Bytes/sec. (Minimal of 1024 Bytes/sec).
If MinBandWidth is set to "-1" that means :
- if there is one connection, the file will be transferred at 3072 Bytes/sec.
- if there are two or more connections, each file will be transferred at 3072 Bytes/sec. In effect, the rate doesn't depend anymore on the number of connections but only on the configuration values.
Note that the total transfer rate will never exceed your physical bandwidth limitation.
Note : If both a "BandWidth" and a "LargeFileLimit" limit apply, the lowest one will be used. (But never lower than the "MinBandWidth" rate)
If both a virtual server limit is defined and another applies for a directory under this virtual server, the directory limit will over-ride it.
If a limit is defined outside a Directory or VirtualHost directive, it will act as default on a per virtual server basis. (i.e. each virtual server will have that limit, _independently_ of the other servers)
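A model of the rate-selection rules documented above for BandWidth, LargeFileLimit and MinBandWidth, added here as an example; it is not mod_bandwidth's own code. The function names, the treatment of a partial IP as a dotted prefix and of a domain as a suffix on a label boundary are assumptions.

```python
import ipaddress

DEFAULT_MIN = 256  # documented MinBandWidth default, bytes/sec


def matches(spec, ip, host=None):
    """True if a <domain|ip|all> argument covers this client."""
    if spec == "all":
        return True
    if "/" in spec:  # network/mask form, e.g. 192.168.0.0/21
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    if spec.replace(".", "").isdigit():  # full or partial dotted IP, e.g. 138.195
        return ip == spec or ip.startswith(spec.rstrip(".") + ".")
    suffix = spec.lstrip(".")  # assumption: domains match on a label boundary
    return host is not None and (host == suffix or host.endswith("." + suffix))


def first_match(rules, ip, host):
    """Rate of the first (spec, rate) rule that matches, else None."""
    return next((rate for spec, rate in rules if matches(spec, ip, host)), None)


def large_file_rate(limits, size_kb):
    """Rate of the LargeFileLimit range that contains size_kb, else None."""
    hit = [rate for threshold, rate in sorted(limits) if size_kb >= threshold]
    return hit[-1] if hit else None


def effective_rate(bw, min_bw, lfl, ip, host, size_kb, conns):
    """Per-connection rate in bytes/sec under the documented rules; 0 = unlimited."""
    size_rate = large_file_rate(lfl, size_kb)
    if size_rate == -1:  # -1 lifts every limit for files in this range
        return 0
    limits = [r for r in (first_match(bw, ip, host), size_rate) if r]
    if not limits:  # rate 0 or no matching rule: nothing to enforce
        return 0
    limit = min(limits)  # the lowest applicable limit is used
    floor = first_match(min_bw, ip, host)
    if floor == -1:  # rate no longer depends on the connection count
        return limit
    return max(limit // max(conns, 1), floor or DEFAULT_MIN)


# Constructed sample: the /home/www rules and limits quoted above.
BW = [("ecp.fr", 0), ("138.195", 0), ("all", 1024)]
LFL = [(200, 3072), (1024, 2048)]
```

Moving `("all", 1024)` to the front of `BW` makes the model return 1024 for an ecp.fr client as well, which is why the documentation stresses that the order of the BandWidth lines matters.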
Running Apache with mod_bandwidth :
For correct results, it is important that there aren't any "dead" links in the "link" directory of mod_bandwidth when you start the server.
It may be a good idea to run the "cleanlink.pl" script we provide to automatically remove dead links.