mod_limit
mod_limit limits concurrent connections or requests per second.
Both limits can be “in total” or per IP.
limit.con (action)
limits the total number of concurrent connections to the specified limit.
limit.con (limit, action);
- limit
- the maximum number of concurrent connections
- action
- (optional) an action to be executed when the limit is reached
If no action is defined, a 503 error page is returned. If an action is specified, it is run when the limit is reached and there is no other special handling.
Example
limit.con 10;
limit.con_ip (action)
limits the total number of concurrent connections per IP to the specified limit.
limit.con_ip (limit, action);
- limit
- the maximum number of concurrent connections per IP
- action
- (optional) an action to be executed when the limit is reached
If no action is defined, a 503 error page is returned. If an action is specified, it is run when the limit is reached and there is no other special handling.
Example
limit.con_ip 2;
limit.req (action)
limits the number of requests per second to the specified limit.
limit.req (limit, action);
- limit
- the maximum number of requests per second
- action
- (optional) an action to be executed when the limit is reached
If no action is defined, a 503 error page is returned. If an action is specified, it is run when the limit is reached and there is no other special handling.
Example
limit.req 100;
limit.req_ip (action)
limits the number of requests per second per IP to the specified limit.
limit.req_ip (limit, action);
- limit
- the maximum number of requests per second per IP
- action
- (optional) an action to be executed when the limit is reached
If no action is defined, a 503 error page is returned. If an action is specified, it is run when the limit is reached and there is no other special handling.
Example
limit.req_ip 100;
Limiting concurrent connections
This config snippet will allow only 10 active downloads overall and 1 per IP. If the limit is exceeded, either because more than 10 people try to access this resource or one person tries a second time while having one download running already, they will be redirected to /connection_limit_reached.html.
setup {
    module_load ("mod_limit","mod_redirect");
}
limit_reached = {
    redirect "/connection_limit_reached.html";
};
if req.path =^ "/downloads/" {
    limit.con 10 => limit_reached;
    limit.con_ip 1 => limit_reached;
}
Limiting requests per second
This config snippet writes a message containing the client IP address to the log if the /login page is hit more than once in a second. It does nothing else, however: the client can still use the /login page as often as they want.
setup {
    module_load "mod_limit";
}
if req.path == "/login" {
    limit.req_ip 1 => { log.write "Possible bruteforce from %{req.remoteip}"; };
}
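Because the rule above only logs, the messages have to be aggregated before they are useful. The following Python script is an added example, not part of the mod_limit documentation: it reads lines containing the message from the rule above and reports IPs with repeated hits inside a time window. The timestamp prefix, the sample lines and the names sustained_offenders, window_s and threshold are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Message text comes from the log.write action above. The leading timestamp
# layout is an assumption; adapt LINE_RE and TS_FORMAT to your own log format.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*"
    r"Possible bruteforce from (?P<ip>[0-9A-Fa-f:.]+)\s*$"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed sample input, not real log data.
SAMPLE_LOG = [
    "2024-01-01 10:00:01 (info) Possible bruteforce from 203.0.113.7",
    "2024-01-01 10:00:02 (info) Possible bruteforce from 198.51.100.4",
    "2024-01-01 10:00:03 (info) Possible bruteforce from 203.0.113.7",
    "2024-01-01 10:00:05 (info) Possible bruteforce from 203.0.113.7",
    "2024-01-01 10:00:08 (info) Possible bruteforce from 203.0.113.7",
    "2024-01-01 10:00:13 (info) Possible bruteforce from 203.0.113.7",
    "2024-01-01 10:00:21 (info) Possible bruteforce from 203.0.113.7",
    "2024-01-01 10:07:40 (info) Possible bruteforce from 198.51.100.4",
    "2024-01-01 10:09:00 (info) some unrelated message",
]


def sustained_offenders(lines, window_s=60, threshold=5):
    """Map each IP to its peak hit count in any window_s-second span,
    keeping only IPs whose peak reaches threshold. Lines must be in time order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)      # ip -> largest window population seen
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # not produced by the limit.req_ip rule
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sustained_offenders(SAMPLE_LOG).items():
        print(f"{ip}: {n} over-limit requests within 60 s")
```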