top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Apache: How to Limit the number of connection per virtual host

0 votes
1,565 views

I am using Apache 2.2 on LE for several years now and I use intensively the virtual host mechanism (300 virtual hosts per http instance).

As soon as you start sharing resources between applications, you want to protect your platform and prevent an application from taking all the threads and cause a resource starvation for the others.

To do so i used the third party mod_qos module to limit the number of simultaneous connections per virtual hosts. Now that i intend to migrate to Apache 2.4, my first tests reveal that this module is not compatible with this version of Apache, thats also the warning that developer raised for his module.

It appears that I don't find any real alternative to substitute the mod_qos module with something else. Here are my questions :
- Can you confirm that Apache does not provide any mechanism allowing to limit the number of connection per virtual host, just to be sure that I am not missing something ?
- Why Apache doesn't provide such a functionality ? :) From my very humble user perspective, I am surprised that this is not a native functionality as it seems to me that my need is probably shared by many users. Moreover Apache provides many other complex functionalities, the one I am describing would be probably something simple to implement compared to other functionalities already available.

posted Jun 12, 2015 by Jagan Mishra

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote
  • Can you confirm that Apache does not provide any mecanism allowing to limit the number of connection per virtual host, just to be sure that im not missing something ?

Apache doesnt provide it.

  • Why Apache doesnt provide such a functionality ? :) From my very humble user perspective, im surprised that this is not a native functionality as it seems to me that my need is probably shared by many users. Moreover Apache provides many other complex functionalities, the one im describing would be probably something simple to implement compared to other functionalities already available.

Nothing special for this function -- not enough interest/time for people in the project to write/test/support such a thing

answer Jun 12, 2015 by Tarun Singhal
Thank you for your feedback. But do you protect your platform then without such a functionality ?
Bear in mind that you only know which virtual host is requested when you read the Host: header, which is after you already accepted the connection.

There are third-party modules for managing loads and protecting a server from attack. Some of them might be worth a look.
Similar Questions
+1 vote

I try to configure apache virtual hosts after NAT. There are two name (like abc.dom.com and cde.dom.com) which refer to the same external address. This address is given to wan-port of a gateway and assigned to
be NAT to internal address where apache is up with ports 80 to 80.

Does it possible to configure the apache so it distinguishes name abc.* and cde.* (used by clients externally) and returns different pages (provided two s are configured)?

Which Directives are implemented in the case? Or, maybe, the example of such httpd.conf?

+1 vote

I have 3 virtual hosts that for all I can see are configured identically other the the obviously needed differences. The same is true of the 3 crt files.

 ServerName public.mydomain.com
 DocumentRoot /var/www/html
 SSLEngine on
 SSLCertificateFile /etc/httpd/SSL/public.crt
 SSLCertificateKeyFile /etc/postfix/SSL/server.key

 ServerName distrib.mydomain.com
 DocumentRoot /var/www/html/distrib
 SSLEngine on
 SSLCertificateFile /etc/httpd/SSL/distrib.crt
 SSLCertificateKeyFile /etc/postfix/SSL/server.key

 ServerName mail.mydomain.com
 DocumentRoot /usr/local/squirrelmail/www
 SSLEngine on
 SSLCertificateFile /etc/httpd/SSL/mail.crt
 SSLCertificateKeyFile /etc/postfix/SSL/server.key

The problem is that 2 of them work perfectly and the lock shows up in the browser. With the third (public), I get a gray globe indicating partial encryption which does not prevent eavesdropping. I have no clue
how to debug this or even where to look. Can someone point me in the right direction?

+2 votes

I want to run three virtual hosts on separate IP addresses for notification messages (the reason is due to how the network kit does the redirection of traffic)

On each of these virtual hosts I want a request for any URI to be sent to the document root default (/index.html or just /)

What the best way to achieve this per virtual host?

+1 vote

I was reading the documentation and testing out some things. We have multiple name based virtual hosts, but would like to display a page when not match is found.
According to the documentation at [http://httpd.apache.org/docs/2.2/vhosts/name-based.html] and [https://httpd.apache.org/docs/2.4/vhosts/name-based.html#defaultvhost], the first matching servername or alias is used, with no precedence for wildcards.

What appears to be working in our case is a 'default' host with 'ServerName *', but how would I know for certain that this is the one that is always used?

Our configuration has the typical include of "/etc/httpd/conf.d/*.conf", it is here that the vhosts are defined in separate files. Should the default also be placed in here or does it have to be defined at the end of the httpd.conf (master) configuration file?

It is currently my understanding that I should place it at the bottom of httpd.conf; so to be sure it is that last that is matched, but I would like to hear from someone with more knowledge and/or experience about apache than myself. I would prefer it to be placed in the conf.d folder if possible.

...