通过 Apache 上的 IP 地址限制请求? [英] Throttling requests by IP address on Apache?
问题描述
我想限制对我的网络服务器的请求,以阻止针对我的网站的网络抓取和拒绝服务攻击.我愿意相对宽松一些,关键是没有人要求太多,以至于拖慢了速度.
I want to throttle requests to my web server so as to thwart web scraping and denial of service attacks against my site. I'm willing to be relatively lax, the key thing is that no one requests so much so as to slow things down.
我想通过 IP 地址设置限制,这样如果在短时间内发出太多请求,来自给定 IP 的请求就会变慢.
I was thinking of setting up throttling by IP address, so that requests from a given IP would be slowed if too many requests were made in a short period of time.
我有一些问题——
- 这是在 Web 服务器级别处理 Web 抓取工具和 DoS 攻击的正确方法吗?
- 什么是好的限制,以免给可能在共享 IP 网络上工作的普通用户带来不便?
- 我应该如何具体设置节流?我正在使用 Apache/2.2
推荐答案
这是在 Web 服务器级别的正确方法吗?"这可能是您拥有的最佳选择.在您网站的不同部分设置不同的阈值可能会很好:您可能比其他人更愿意限制某些类型的流量.但理想情况下,此类设置应在网络级别进行管理.
"Is this the right way ... at the web server level?" It's probably the best option you have. It might be good to have different thresholds on different parts of your site: you may be more willing to throttle certain kinds of traffic than others. But ideally these kinds of settings would be managed at the network level.
什么是好的限制......?"这完全取决于您的流量.您的期望值是多少,您的真实用户来自哪里,等等.
"What's a good limit ... ?" It completely depends on your traffic. How much you expect, where your real users come from, etc.
怎么做?可以在 ModSecurity 中编写处理此类事情的规则,它还可以防御其他一些东西.与 mod_evasive 的答案一样,这不会完全保护您免受拥有大量资源的攻击者的侵害,但会迫使他们加强游戏.
How to do it? It is possible to write rules to handle this sort of thing in ModSecurity, which also defends against some other stuff. As with the mod_evasive answer, this won't fully protect you against attackers with a lot of resources at their disposal, but it would force them to step up their game.
我认为 Apache httpd 中没有任何内置"功能可以促进这一点.预期会在网络级别管理滥用 IP 地址的问题(即网络流量问题).
I don't think there's anything "built into" Apache httpd that will facilitate this. The expectation would be that issues with an abusive IP address (i.e., network traffic issues) are managed at the network level.
由于您在其他地方评论说您使用 Rackspace 进行托管,您可能需要查看 他们的负载均衡器 API.
Since you comment elsewhere that you are using Rackspace for hosting, you might want to check out their load balancer API.
这篇关于通过 Apache 上的 IP 地址限制请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
