You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Ivan Barrera A." <Br...@Ivn.cl> on 2006/12/05 20:52:31 UTC
Re: [users@httpd] Is there a way to limit a site's simultaneous
access?
William A. Rowe, Jr. wrote:
> No. Run multiple instances of httpd against different IP addresses.
>
> There's no way to decide about accepting per-named-host.
There are some third party modules that can do it.
I only wrote for apache 2, but there is equivalents in apache 1.
>
> Chuck Rock wrote:
>> I have a site that uses up all my apache slots occasionally. This leaves all
>> the other sites on that server unable to access.
>>
>> Does anyone know if there's a way in the Apache config file to limit a site to
>> say 100 simultaneous connections and that way leaves the rest available for
>> the other sites? Like being able to put MaxClients within a Virtualhost. ( I
>> tried, and you can't)
>>
>> I'm running Server Version: Apache/1.3.36 (Unix) mod_auth_passthrough/1.8
>> mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.4.2 FrontPage/5.0.2.2635.SR1.2
>> mod_ssl/2.8.27 OpenSSL/0.9.7a
>>
>>
>> Thanks,
>> Chuck
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>> .
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: Is there a way to limit a site's simultaneous
access?
Posted by "Ivan Barrera A." <Br...@Ivn.cl>.
Chuck Rock wrote:
> Ivan Barrera A. <Bruce <at> Ivn.cl> writes:
>
>> William A. Rowe, Jr. wrote:
>>> No. Run multiple instances of httpd against different IP addresses.
>>>
>>> There's no way to decide about accepting per-named-host.
>> There are some third party modules that can do it.
>> I only wrote for apache 2, but there is equivalents in apache 1.
>>
>
> Do you have any links or names I can search for. I haven't had much luck
> finding anything on my own.
>
> Also, if there's Apache 2.x options, I'd like to know too. I can try setting
> up one of those for these sites possibly.
>
> I'm using cPanel/WHM so I'm pretty limited what I can do while keeping that
> framework, but I do know I can compile in other Apache modules not included
> with cPanel's configuration.
>
> Thank you for you help with this.
http://ivn.cl/apache
For apache 2, mod_vhost_limit. Provides a MaxVhostClients to vhost
(similar to MaxClients)
There is a mod named the same for apache 1 in which i based my work.
I'll take a look if i saved a copy.
>
> Chuck
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Is there a way to limit a site's simultaneous access?
Posted by Chuck Rock <ca...@epconline.net>.
Ivan Barrera A. <Bruce <at> Ivn.cl> writes:
>
> William A. Rowe, Jr. wrote:
> > No. Run multiple instances of httpd against different IP addresses.
> >
> > There's no way to decide about accepting per-named-host.
>
> There are some third party modules that can do it.
> I only wrote for apache 2, but there is equivalents in apache 1.
>
Do you have any links or names I can search for. I haven't had much luck
finding anything on my own.
Also, if there's Apache 2.x options, I'd like to know too. I can try setting
up one of those for these sites possibly.
I'm using cPanel/WHM so I'm pretty limited what I can do while keeping that
framework, but I do know I can compile in other Apache modules not included
with cPanel's configuration.
Thank you for you help with this.
Chuck
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: Is there a way to limit a site's simultaneous access?
Posted by Chuck Rock <ca...@epconline.net>.
Ivan Barrera A. <Bruce <at> Ivn.cl> writes:
>
> William A. Rowe, Jr. wrote:
> > Ivan Barrera A. wrote:
> >> William A. Rowe, Jr. wrote:
> >>> No. Run multiple instances of httpd against different IP addresses.
> >>>
> >>> There's no way to decide about accepting per-named-host.
> >> There are some third party modules that can do it.
> >> I only wrote for apache 2, but there is equivalents in apache 1.
> >
> > Let me clarify - it's possible through a third party or write-your-own
> > module to decide if a given host should be processed or rejected with
> > a 5XX error.
> >
> > But it's not possible to control which of many pending connections the
> > server will accept() next by name, because the name is one of the http
> > header fields that can only be parsed once the connection -is- accepted.
> >
> > By IP address and/or multiple instances, it's possible to throttle the
> > number of pending and accepted connections, because it's not dependent
> > on inspecting the http headers.
> >
>
> Seen that way, your answer is right.
> However, i think the question was more about trying to avoid some site
> using most of the apache childs for itself. That's why he asked about
> "limit a site" (refering to a vhost).
>
> Trying to limit in the way of ip address, will be similar in attemping
> to avoid a DoS attack.
>
Correct, I'm using cPanel/WHM which is a software using Linux/Apache/MySQL/PHP
to sell hosting for web and E-mail. It does a good job in my opinion giving
you the tools needed to do that. I have a shared hosting server that is
normally very good for all the customers on it, but I have a few sites that
occasionally use up all 250 MaxClients for themselves and leave no available
connections for the other paying customers.
I have questions/suggestions in with cPanel to add that functionality to their
software if it's possible. I'm also researching if I can add that manually
while waiting for them to figure it out. Better service for all my customers
is my goal and also being able to actually provide the service I sell.
Chuck
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Is there a way to limit a site's simultaneous
access?
Posted by "Ivan Barrera A." <Br...@Ivn.cl>.
William A. Rowe, Jr. wrote:
> Ivan Barrera A. wrote:
>> William A. Rowe, Jr. wrote:
>>> No. Run multiple instances of httpd against different IP addresses.
>>>
>>> There's no way to decide about accepting per-named-host.
>> There are some third party modules that can do it.
>> I only wrote for apache 2, but there is equivalents in apache 1.
>
> Let me clarify - it's possible through a third party or write-your-own
> module to decide if a given host should be processed or rejected with
> a 5XX error.
>
> But it's not possible to control which of many pending connections the
> server will accept() next by name, because the name is one of the http
> header fields that can only be parsed once the connection -is- accepted.
>
> By IP address and/or multiple instances, it's possible to throttle the
> number of pending and accepted connections, because it's not dependent
> on inspecting the http headers.
>
Seen that way, your answer is right.
However, i think the question was more about trying to avoid some site
using most of the apache childs for itself. That's why he asked about
"limit a site" (refering to a vhost).
Trying to limit in the way of ip address, will be similar in attemping
to avoid a DoS attack.
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Is there a way to limit a site's simultaneous
access?
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Ivan Barrera A. wrote:
> William A. Rowe, Jr. wrote:
>> No. Run multiple instances of httpd against different IP addresses.
>>
>> There's no way to decide about accepting per-named-host.
>
> There are some third party modules that can do it.
> I only wrote for apache 2, but there is equivalents in apache 1.
Let me clarify - it's possible through a third party or write-your-own
module to decide if a given host should be processed or rejected with
a 5XX error.
But it's not possible to control which of many pending connections the
server will accept() next by name, because the name is one of the http
header fields that can only be parsed once the connection -is- accepted.
By IP address and/or multiple instances, it's possible to throttle the
number of pending and accepted connections, because it's not dependent
on inspecting the http headers.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org