WebSVN – configuration-templates – Blame – Rev 15 – /apache/security/limits/quality_of

Rev	Author	Line No.	Line
15	office	1	`########################################################################`
		2	`# Security - Apache Quality of Service (QoS) module (throttling). #`
		3	`# Depends on Apache modules: qos, ssl, setenvif #`
		4	`########################################################################`
		5
		6	`<IfModule mod_qos.c>`
		7	`### Maximum number of active TCP connections.`
		8	`## Needs to be calculated: http://grimore.org/fuss/apache#calculate_the_optimal_maximum_number_of_concurrent_connections`
		9	`MaxClients 25`
		10	`### Idle timeout:`
		11	`Timeout 15`
		12	`### KeepAlive`
		13	`KeepAlive on`
		14	`MaxKeepAliveRequests 25`
		15	`KeepAliveTimeout 5`
		16	`## Percent of requests (MaxClients) supporting HTTP keep-alive.`
		17	`QS_SrvMaxConnClose 70%`
		18	`### Deny slow clients blocking the server.`
		19	`## QS_SrvMinDataRate min (bytes) max (bytes)`
		20	`QS_SrvMinDataRate 128 1200`
		21	`### Limit request line, header and body.`
		22	`LimitRequestLine 7168`
		23	`LimitRequestFields 30`
		24	`QS_LimitRequestBody 102400`
		25	`### Number of allowed connections per IP address`
		26	`## Get the IP address from the X-Forwarded-For header.`
		27	`# QS_ClientIpFromHeader X-Forwarded-For`
		28	`QS_SrvMaxConnPerIP 16`
		29	`### Whitelist IP addresses and address ranges.`
		30	`## Mark loopback and private subnets as exempt from throttling.`
		31	`SetEnvIfExpr "-R '127.0.0.0/8' \|\| -R '10.0.0.0/8' \|\| -R '172.16.0.0/12' \|\| -R '192.168.0.0/16'" IgnoreIP=yes`
		32	`SetEnvIfExpr "-R '127.0.0.0/8' \|\| -R '10.0.0.0/8' \|\| -R '172.16.0.0/12' \|\| -R '192.168.0.0/16'" QS_VipRequest=yes`
		33	`## Unset the QS_Block variable for whitelisted IP`
		34	`QS_SetEnvIf IgnoreIP QS_Block !QS_Block`
		35	`### Enable or disable the qos-viewer and qos-viewer`
		36	`QS_DisableHandler on`
		37	`</IfModule>`

15

office

1

########################################################################

2

# Security - Apache Quality of Service (QoS) module (throttling). #

3

# Depends on Apache modules: qos, ssl, setenvif #

4

########################################################################

5

6

<IfModule mod_qos.c>

7

### Maximum number of active TCP connections.

8

    ## Needs to be calculated: http://grimore.org/fuss/apache#calculate_the_optimal_maximum_number_of_concurrent_connections

MaxClients 25

### Idle timeout:

Timeout 15

### KeepAlive

KeepAlive on

MaxKeepAliveRequests 25

15

KeepAliveTimeout 5

16

## Percent of requests (MaxClients) supporting HTTP keep-alive.

17

QS_SrvMaxConnClose 70%

18

### Deny slow clients blocking the server.

19

## QS_SrvMinDataRate min (bytes) max (bytes)

20

QS_SrvMinDataRate 128 1200

21

### Limit request line, header and body.

22

LimitRequestLine 7168

23

LimitRequestFields 30

24

QS_LimitRequestBody 102400

25

### Number of allowed connections per IP address

26

## Get the IP address from the X-Forwarded-For header.

27

# QS_ClientIpFromHeader X-Forwarded-For

28

QS_SrvMaxConnPerIP 16

29

### Whitelist IP addresses and address ranges.

30

## Mark loopback and private subnets as exempt from throttling.

31

SetEnvIfExpr "-R '127.0.0.0/8' || -R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" IgnoreIP=yes

32

SetEnvIfExpr "-R '127.0.0.0/8' || -R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" QS_VipRequest=yes

33

## Unset the QS_Block variable for whitelisted IP

34

QS_SetEnvIf IgnoreIP QS_Block !QS_Block

35

### Enable or disable the qos-viewer and qos-viewer

36

QS_DisableHandler on

37

</IfModule>

configuration-templates – Blame information for rev 15