How to Limit Requests Per IP in Apache

Sometimes you may need to implement rate limiting in Apache web server to block malicious traffic and DDOS attacks. You can easily do this using mod_qos Apache module. It allows you to control quality of service offered by your web server so that no user faces downtime unnecessarily. In this article, we will look at how to limit requests per IP in Apache using mod_qos module.


How to Limit Requests Per IP in Apache

Here are the steps to limit requests per IP in Apache.


1. Update Ubuntu packages

Open terminal and run the following command to update Ubuntu packages.

$ sudo apt-get update

Also read : How to Use Linux History Command


2. Install mod_qos

Run the following command to install mod_qos.

$ sudo apt-get install libapache2-mod-qos

After installation, mod_qos will automatically enable itself.

Also read : How to Change XAMPP Apache port


3. Configure mod_qos

Open mod_qos configuration file at /etc/apache2/mods-available/qos.conf

$  sudo vi /etc/apache2/mods-available/qos.conf

Add/Edit the following lines. The comments after # sign clearly explain what each variable is used for. We have configured mod_qos such that min request rate – 120 bytes/sec, max connections – 800, keep alive support up to 600 connections, max connections per ip – 50. You can change these values as per your requirement.

Sample configuration:
# minimum request rate (bytes/sec at request reading):
QS_SrvRequestRate                                 120

# limits the connections for this virtual host:
QS_SrvMaxConn                                     800

# allows keep-alive support till the server reaches 600 connections:
QS_SrvMaxConnClose                                600

# allows max 50 connections from a single ip address:
QS_SrvMaxConnPerIP                                 50

# disables connection restrictions for certain clients:
QS_SrvMaxConnExcludeIP                    43.42.54.21
QS_SrvMaxConnExcludeIP                    92.68.10.

mod_qos provides many configuration options. Here is a full list for your reference.

Also read : How to Uninstall NGINX in CentOS


4. Restart Apache Web Server

Restart Apache web server to apply changes.

$ sudo service apache2 restart

That’s it. Now Apache will automatically limit requests per IP on your website to 50 connections/ip.

Also read : How to Fix Apache Not Executing PHP Files