lookikng to limit the number of api requests from clients. wondering if there is a way to do it with apache or do i have to write some code
-
I wouldn't do it in apache.. I'd do it at network layer with iptables.
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --setiptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 86400 --hitcount 100 -j REJECTChange 86400 to the number of seconds you want to keep the block for (86400 is 1 day), and 100, is the hit count, how many you're prepared to allow per IP.
You can also change -j REJECT to -j DROP, which defines the packet behavior when the condition is met. DROP seamlessly drops packets, and REJECT returns a "port unreachable" or similar error.
That said, there was a mod_throttle that would do something similar, but I can't seem to find much information about it. I think it feels neater to do this kind of thing at the network/kernel level, rather than in apache. Apache is good at serving requests. Let it do what it does best, and don't burden it with having to track connections too.
(yes, I did just copy my answer to a previous question..)
From Tom O'Connor
0 comments:
Post a Comment