configuration-templates
| /apache/security/limits/quality_of_service.conf |
|---|
| @@ -0,0 +1,37 @@ |
| ######################################################################## |
| # Security - Apache Quality of Service (QoS) module (throttling). # |
| # Depends on Apache modules: qos, ssl, setenvif # |
| ######################################################################## |
| <IfModule mod_qos.c> |
| ### Maximum number of active TCP connections. |
| ## Needs to be calculated: http://grimore.org/fuss/apache#calculate_the_optimal_maximum_number_of_concurrent_connections |
| MaxClients 25 |
| ### Idle timeout: |
| Timeout 15 |
| ### KeepAlive |
| KeepAlive on |
| MaxKeepAliveRequests 25 |
| KeepAliveTimeout 5 |
| ## Percent of requests (MaxClients) supporting HTTP keep-alive. |
| QS_SrvMaxConnClose 70% |
| ### Deny slow clients blocking the server. |
| ## QS_SrvMinDataRate min (bytes) max (bytes) |
| QS_SrvMinDataRate 128 1200 |
| ### Limit request line, header and body. |
| LimitRequestLine 7168 |
| LimitRequestFields 30 |
| QS_LimitRequestBody 102400 |
| ### Number of allowed connections per IP address |
| ## Get the IP address from the X-Forwarded-For header. |
| # QS_ClientIpFromHeader X-Forwarded-For |
| QS_SrvMaxConnPerIP 16 |
| ### Whitelist IP addresses and address ranges. |
| ## Mark loopback and private subnets as exempt from throttling. |
| SetEnvIfExpr "-R '127.0.0.0/8' || -R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" IgnoreIP=yes |
| SetEnvIfExpr "-R '127.0.0.0/8' || -R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" QS_VipRequest=yes |
| ## Unset the QS_Block variable for whitelisted IP |
| QS_SetEnvIf IgnoreIP QS_Block !QS_Block |
| ### Enable or disable the qos-viewer and qos-viewer |
| QS_DisableHandler on |
| </IfModule> |