L'rpm in : /Mandrivalinux/devel/cooker/i586/media/contrib/release Limit IP downloads in Apache – Save Bandwidth Overview: Blocking and preventing bandwidth abusers in Apache isn’t an easy task and no one seems to talk about it. We all just leave our websites open for someone to download as many things from the site, at the same time, as the server will allow. I’ve seen some people downloading up to 20 videos at the same time on one of my other sites. Growing tired of kids constantly abusing downloads I decided to see what options I had and came up with some great solutions. If you have a site with large media such as videos, images or documents then you should read this and think about implementing it. It took me about 20 minutes to figure out, now that I’ve done the brute work it should take you 10 or so minutes. Preventing Bandwidth Abuse Instead of using the common talked about hotlinking method I wanted something at the server level which is more reliable. Hotlinking is basically a mod_rewrite .htaccess file that prevents other sites from putting images that are hosted on your server, on their site therefore using your bandwidth. I wanted to limit the amount of downloads per IP from a visitor on my actual site, meaning someone could only download X number of things at once, instead of unlimited. After some research I found an Apache module called: mod_limitipconn.c About LimitIPConn “This is the distribution page for the Apache module mod_limitipconn.c, which allows web server administrators to limit the number of simultaneous downloads permitted from a single IP address.” Official site: http://dominia.org/djao/limitipconn.html Sweet, ok well does this thing work with Cpanel…. Yes, yes it does =) Test System For this Tutorial Red Hat Enterprise 3 Cpanel 10.8 Apache 1.3, MySQL 4.1 , PHP 4.4 You can limit a specific number of downloads per IP in the Apache configuration file (httpd.conf) and have different rules for each directory if you want. So if you have a directory called /videos you can create a ruleset for that directory in particular limiting the concurrent downloads to 1 for example. Then you can create another rule for a directory like /archive which you can limit image downloads to 5, there are all kinds of things you can set and lots of rules available! Understanding the limitipconn Rules There are many different configurations you can use for this, I’ll go over a few ones I think would be more useful. Example configuration: --------------------------------------------------------------------------- ExtendedStatus On # Only needed if the module is compiled as a DSO LoadModule limitipconn_module lib/apache/mod_limitipconn.so AddModule mod_limitipconn.c MaxConnPerIP 3 # exempting images from the connection limit is often a good # idea if your web page has lots of inline images, since these # pages often generate a flurry of concurrent image requests NoIPLimit image/* MaxConnPerIP 1 # In this case, all MIME types other than audio/mpeg and video* # are exempt from the limit check OnlyIPLimit audio/mpeg video --------------------------------------------------------------------------- Installing mod_limitipconn.c Installing this was quick and easy. Login to your server through shell as the root user. # wget tar xzvf mod_limitipconn-0.04.tar.gz # cd mod_limitipconn-0.04 # vi Makefile Find APXS = apxs CHANGE TO: APXS = /usr/local/apache/bin/apxs Save #make #make install This adds the module to httpd.conf and backs up the old configuration from httpd.conf.new # vi /usr/local/apache/conf/httpd.conf It should have added the following: LoadModule limitipconn_module libexec/mod_limitipconn.so and AddModule mod_limitipconn.c Now we need to setup the configuration for the site you want to add the limits to. Search the domain you want and go to the configuration for it in httpd.conf You should be at the part like this: ServerAlias www.domain.com domain.com Add the following configuration that you want, this restricts 2 directories I have on my site to prevent users from downloading more than 1 video at a time, I have 2 separate rules. MaxConnPerIP 1 # In this case, all MIME types other than audio/mpeg and video* # are exempt from the limit check OnlyIPLimit audio/mpeg video MaxConnPerIP 1 # In this case, all MIME types other than audio/mpeg and video* # are exempt from the limit check OnlyIPLimit audio/mpeg video So my whole entry for the domain looks like this: ServerAlias www.domain.com domain.com ServerAdmin webmaster@domain.com DocumentRoot /home/domain/public_html BytesLog domlogs/domain.com-bytes_log ServerName www.domain.com php_admin_value open_basedir "/home/domain:/usr/lib/php:/usr/local/lib/php:/tmp" MaxConnPerIP 1 # In this case, all MIME types other than audio/mpeg and video* # are exempt from the limit check OnlyIPLimit audio/mpeg video MaxConnPerIP 1 # In this case, all MIME types other than audio/mpeg and video* # are exempt from the limit check OnlyIPLimit audio/mpeg video User domain Group domain CustomLog domlogs/domain.com combined ScriptAlias /cgi-bin/ /home/domain/public_html/cgi-bin/ Save httpd.conf Test Apache Configuration # apachectl configtest start Make sure it comes back ok without errors # /scripts/restartsrv_httpd Apache will restart. Try it out. Go to your limited directory and try to download 2 things (2 depends on your IP limit you set). You should get forwarded to a 503 Temporary Service page. We can customize that as well =) Customizing the 503 Temporary Service Page FTP to your webspace and edit your public_html/.htaccess file Add the following to the top: ErrorDocument 503 http://www.domain.com/bandwidth.php Save the file and upload it. Create a page called bandwidth.php or html, or whatever you want. Put a message saying you’re preventing bandwidth abuse and limiting downloads to 1 at a time. Make sure everything is working well and go relax, you did a good job and managed to save your server a lot of bandwidth and yourself some cash! About the Author: Steven Leggett is the editor of the server resource and hosting tutorial site, www.webhostgear.com and specializes in system administration and web development. New! - Need serv ********************************************** http://dominia.org/djao/limitipconn2.html mod_limitipconn.c - Apache 2.0 port I have ported the original mod_limitipconn module to Apache 2.0. The Apache 2.0 port includes all the features of the Apache 1.3 version, including proxy tracking and MIME type inclusion/exclusion. Downloads * tar.gz package * Redhat 9 binary rpm * Fedora Core 3 binary rpm * source rpm * README file * Precompiled win32 DLL (contributed by Apachez) * old versions Installation The instructions below are written for Apache 2.0.39 since that's what I had when I wrote the module, but they will also work with any later version of Apache 2.0. Instructions for statically compiling mod_limitipconn into httpd: tar xzvf httpd-2.0.39.tar.gz tar xzvf mod_limitipconn-0.22.tar.gz cd httpd-2.0.39 ./configure --with-module=aaa:../mod_limitipconn-0.22/mod_limitipconn.c make make install Instructions for building as a Dynamic Shared Object (DSO): tar xzvf mod_limitipconn-0.22.tar.gz cd mod_limitipconn-0.22 make install Instructions for building static httpd with proxy tracking: tar xzvf httpd-2.0.39.tar.gz tar xzvf mod_limitipconn-0.22.tar.gz cd httpd-2.0.39 patch -p1 < ../mod_limitipconn-0.22/apachesrc.diff ./buildconf ./configure --enable-forward --with-module=aaa:../mod_limitipconn-0.22/mod_limitipconn.c make make install Instructions for building DSO with proxy tracking: tar xzvf httpd-2.0.39.tar.gz tar xzvf mod_limitipconn-0.22.tar.gz cd httpd-2.0.39 patch -p1 < ../mod_limitipconn-0.22/apachesrc.diff ./buildconf ./configure --enable-forward make make install cd ../mod_limitipconn-0.22 PATH=/usr/local/apache2/bin:$PATH make install Copyright © 2002 David Jao (djao@dominia.org).