configuration-templates
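--- a/apache/security/limits/quality_of_service.conf
+++ b/apache/security/limits/quality_of_service.conf
@@ -0,0 +1,37 @@
+########################################################################
+# Security - Apache Quality of Service (QoS) module (throttling). #
+# Depends on Apache modules: qos, ssl, setenvif #
+########################################################################
+
+<IfModule mod_qos.c>
+### Maximum number of active TCP connections.
+## Needs to be calculated: http://grimore.org/fuss/apache#calculate_the_optimal_maximum_number_of_concurrent_connections
+MaxClients 25
+### Idle timeout:
+Timeout 15
+### KeepAlive
+KeepAlive on
+MaxKeepAliveRequests 25
+KeepAliveTimeout 5
+## Percent of requests (MaxClients) supporting HTTP keep-alive.
+QS_SrvMaxConnClose 70%
+### Deny slow clients blocking the server.
+## QS_SrvMinDataRate min (bytes) max (bytes)
+QS_SrvMinDataRate 128 1200
+### Limit request line, header and body.
+LimitRequestLine 7168
+LimitRequestFields 30
+QS_LimitRequestBody 102400
+### Number of allowed connections per IP address
+## Get the IP address from the X-Forwarded-For header.
+# QS_ClientIpFromHeader X-Forwarded-For
+QS_SrvMaxConnPerIP 16
+### Whitelist IP addresses and address ranges.
+## Mark loopback and private subnets as exempt from throttling.
+SetEnvIfExpr "-R '127.0.0.0/8' || -R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" IgnoreIP=yes
+SetEnvIfExpr "-R '127.0.0.0/8' || -R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" QS_VipRequest=yes
+## Unset the QS_Block variable for whitelisted IP
+QS_SetEnvIf IgnoreIP QS_Block !QS_Block
+### Enable or disable the qos-viewer and qos-viewer
+QS_DisableHandler on
+</IfModule>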
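Review bot: The exemption on the two `SetEnvIfExpr` lines is keyed on the connection's remote address (`-R`), so if this template is deployed behind a reverse proxy or load balancer that connects from a private address, every request matches and receives `IgnoreIP`/`QS_VipRequest`, which leaves the throttling ineffective for external clients. As far as I can tell, enabling the commented-out `QS_ClientIpFromHeader X-Forwarded-For` would not change what `-R` matches, and that header is only trustworthy when the front proxy overwrites it rather than appending to a client-supplied value. I would narrow the template default to loopback and add a comment above the whitelist such as `## Only list subnets that cannot carry proxied client traffic; behind a proxy, exempt nothing but 127.0.0.0/8.` Separately, the core directives (`Timeout`, `LimitRequestLine`, `LimitRequestFields`, `MaxClients`) sit inside `<IfModule mod_qos.c>` and are silently dropped when the module is not loaded, so they are safer outside the block.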