Reputation: 3913
OK, I have a site that serves all images and MP3s through a PHP script, which can be controlled and limited, but I am now worried about the overall bandwidth of my site. For example, what if someone just sends a million requests to one of my pages? Does anyone have any suggestions for server methods used to prevent this? Should I use mod_cband?
Upvotes: 1
Views: 931
Reputation: 21720
What I personally like to do is control access via the firewall as opposed to the web server, using iptables (Linux only) to prevent individual IPs from starting more than a specified number of connections. It's trial and error, as you need to calculate it right, but overall, that should limit the attacker's connection rate:
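    # The STOP-ABUSE chain must exist before INPUT can jump to it
    iptables -N STOP-ABUSE
    iptables -A INPUT -p TCP --dport 80 -m state --state NEW -j STOP-ABUSE
    # Record each new connection's source IP; drop once an IP reaches 3 within 10 seconds
    iptables -A STOP-ABUSE -m recent --set
    iptables -A STOP-ABUSE -m recent --update --seconds 10 --hitcount 3 -j DROP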
mod_cband is also pretty good (although I stopped using it and left it only for the firewall as described above). I reckon a combination of the two approaches will lead to satisfactory results.
Also, I'd suggest you take a look at mod_throttle, as described on the link.
Hope this helps you.
UPDATE: As mentioned in my comment, the firewall and mod_throttle are only available if you have access to them. As you mentioned, you seem to be on a shared environment, so you most likely won't have access to the firewall. A few things could be done though.
You could enable mod_deflate (check with your host if it's available first), and also avoid hot-linking (i.e. other websites using your assets such as images and JS). An example of it is:
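    RewriteEngine On
    # Skip requests referred by this site itself (http or https)
    RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?mysite\.com/ [NC]
    # Skip requests that carry no Referer header at all
    RewriteCond %{HTTP_REFERER} !^$
    # Any other referer asking for an image gets 403 Forbidden
    RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]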
Upvotes: 2
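To help with the "calculate it right" step in the answer above, here is an added Python model of how its two `recent` rules treat each new connection; it is not part of the original posts. It assumes the xt_recent behaviour of counting the current packet toward `--hitcount` and keeping 20 timestamps per address by default, and the traffic and addresses are constructed.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # assumed xt_recent default: timestamps remembered per source address


def simulate(events, seconds=10, hitcount=3):
    """Replay (time_s, src_ip) NEW-connection events through the STOP-ABUSE chain.

    Returns (time_s, src_ip, verdict) tuples. "PASS" means the packet left the
    chain without matching and continues through the rest of INPUT.
    """
    stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))
    verdicts = []
    for now, ip in sorted(events):
        seen = stamps[ip]
        seen.append(now)  # first rule: -m recent --set stamps every packet
        hits = sum(1 for t in seen if now - t <= seconds)
        if hits >= hitcount:  # second rule: --update --seconds N --hitcount M -j DROP
            seen.append(now)  # --update stamps the address again when it matches
            verdicts.append((now, ip, "DROP"))
        else:
            verdicts.append((now, ip, "PASS"))
    return verdicts


def verdicts_for(results, ip):
    """Verdicts for one source address, in time order."""
    return [v for _, src, v in results if src == ip]


# Constructed sample traffic (documentation-range addresses, times in seconds).
SAMPLE = (
    [(t, "198.51.100.7") for t in (0, 1, 15)]                # occasional visitor
    + [(5, "192.0.2.44")] * 3                                 # browser, 3 parallel connections
    + [(t, "203.0.113.9") for t in (0, 1, 2, 3, 8, 13, 25)]  # client that keeps retrying
)

if __name__ == "__main__":
    for now, ip, verdict in simulate(SAMPLE):
        print(f"t={now:>2}s  {ip:<13} {verdict}")
```

With these settings the third new connection inside 10 seconds is already dropped, which also catches a browser opening three connections at once. A client that keeps retrying stays blocked until it goes quiet for the full window, because its dropped attempts are stamped too.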