Best-Selling Hosting
- Shared Hosting
- VPS Hosting
- Reseller Hosting
- Windows Hosting
- PHP Hosting
- Multiple Domain Hosting
- ASP Hosting
- Best Web Hosting Companies
- Dedicated Servers
- Java Hosting
- Managed Servers
- Coldfusion Hosting
- Linux Hosting
- Database Hosting
- > All Hosting Services
Top Rated Providers
Editors Pick
APF Deny ALL for SSH Limit IP Connections
Published: Feb 06, 2007
-
Rating
4/5
Rating
4/5Do you need more granular control over some of your clients? Instead of limiting them to a certian amount of bandwidth per month, how about per week, day or even hour? Apache module mod_throttle is the answer.
This Apache module is intended to reduce the load on your server & bandwidth generated by popular virtual hosts, directories, locations, or users according to supported polices (see below) that decide when to delay or refuse requests. Also mod_throttle can track and throttle incoming connections by IP address or by authenticated remote user.
Every request now passes through four levels of throttling, which are: by client's IP address (ThrottleClientIP), by authenticated remote user name (ThrottleRemoteUser), by local user ID (ThrottleUser), and by directory, location, virtual host, or server (ThrottlePolicy).
To install with cPanel, SSH into your server as root and perform the following:
cd /usr/src
wget http://www.snert.com/Software/mod_throttle/mod_throttle312.tgz
tar zxvf mod_throttle312.tgz
cd mod_throttle-3.1.2
pico Makefile
Then edit the line that reads:
APXS=apxs
And change it to read:
APXS=/usr/local/apache/bin/apxs
Save the file and then:
make
make install
service httpd restart
Usage
Best bet is to go to http://www.snert.com/Software/mod_throttle/ and read up on all the options, but I will give you an example of limiting a site, and how to monitor all your throttled sites status.
Edit your /etc/httpd/conf/httpd.conf and locate the virtualhost entry for the site you wish to throttle. Just BEFORE the </VirtualHost> entry, insert:
<IfModule mod_throttle.c>
ThrottlePolicy Volume 10G 30d
</IfModule>
<Location /throttle-me>
SetHandler throttle-me
</Location>
The ThrottlePolicy line is the key. The first number is the amount of data and acceptable letters are G, M and K. The second number is the period and acceptable letters are m, w, d, h, and s.
Then restart Apache (service httpd restart).
If you want to be able to see the status of all throttled sites on the server at once, go to the first virtualhost entry in your httpd.conf file (this should be the entry for your server's hostname) and add the following:
<Location /throttle-status>
SetHandler throttle-status
</Location>
Then restart Apache again, and you can go to http://host.name.com/throttle-status and see the status of all throttled sites.
Enjoy!
Related Articles
- Guide to Chkrootkit - checking for intruders
- Creating a Welcome message for SSH logins
- Mask Your Web Server for Enhanced Security
- E-mail Alert on Root SSH Login
- How to install BFD (Brute Force Detection)
- How to install APF (Advanced Policy Firewall)
- How to install mod_security for Apache
- How to Disable Telnet
- How to install KISS Firewall
- Detect and Clean a hacked server T0rnkit Tutorial
- Compile 2.6.7 Kernel w/module-init-tools
Comments (3)
-
Linux Uruguay 19:52, February 18, 2007That can be easly done using /etc/hosts.allow and only accepting ssh :<br />
<br />
sshd : YOUR_IP_HERE<br />
<br />
Then just put:<br />
<br />
ALL : ALL at the /etc/hosts.deny, of course IP must be listed at the /etc/apf/allow.. file.<br />
<br />
Keep working, this site have nice tutorials. -
sandy 16:50, April 12, 2007Always helpfull :)<br />
<br />
cheers :) -
Ryan 19:35, June 9, 2007You can simply remove port 22 from the IG_TCP_CPORTS then add your allow_hosts.rules entries. The rules into deny_hosts.rules are not needed as since port 22 is not open in the common ports variable IG_TCP_CPORTS, it will be denied implicitly.
Add Your Thoughts
WebHostGear.com is a hosting directory, not a web host.
Copyright © 1998-2010 WebHostGear.com