节流在Apache通过IP地址的请求? [英] Throttling requests by IP address on Apache?
问题描述
我要限制请求到我的Web服务器,从而阻挠网络刮对我的网站的拒绝服务攻击。我愿意是相对宽松的,关键的是,没有人要求这么多,从而放慢改革的步伐。
I want to throttle requests to my web server so as to thwart web scraping and denial of service attacks against my site. I'm willing to be relatively lax, the key thing is that no one requests so much so as to slow things down.
我想通过IP地址设置限制的,因此,如果过多的请求都在短时间内实现了从给定的IP请求将放缓。
I was thinking of setting up throttling by IP address, so that requests from a given IP would be slowed if too many requests were made in a short period of time.
有些问题我have--
Some questions I have--
- 这是去了解与网络刮削器和DoS攻击在处理Web服务器级别的正确方法?
- 什么是一个很好的限制,所以,我不感到不便谁可能在共享IP网络合作普通用户?
- 如何具体我应该安装节流?我使用Apache / 2.2
推荐答案
这是正确的方式......在Web服务器级别?这可能是你最好的选择。这可能是件好事,在您的网站的不同部分不同的阈值:你可能更愿意扼杀某些类型的流量比别人。但理想这些种类的设置将在网络级进行管理。
"Is this the right way ... at the web server level?" It's probably the best option you have. It might be good to have different thresholds on different parts of your site: you may be more willing to throttle certain kinds of traffic than others. But ideally these kinds of settings would be managed at the network level.
什么是良好的限制......?这完全取决于你的流量。你是多么期待,在这里你真正的用户来自等。
"What's a good limit ... ?" It completely depends on your traffic. How much you expect, where your real users come from, etc.
怎么办呢?它可以编写规则来处理这样的事情在的ModSecurity ,这也抵御一些其他的东西。如同mod_evasive答案,这不会完全保护你免受攻击者与他们的处置了大量的资源,但它会迫使他们加紧他们的比赛。
How to do it? It is possible to write rules to handle this sort of thing in ModSecurity, which also defends against some other stuff. As with the mod_evasive answer, this won't fully protect you against attackers with a lot of resources at their disposal, but it would force them to step up their game.
我不认为有什么建成阿帕奇的httpd,将有助于这一点。预期将是与滥用IP地址的问题(即网络流量的问题)是在网络层面进行管理。
I don't think there's anything "built into" Apache httpd that will facilitate this. The expectation would be that issues with an abusive IP address (i.e., network traffic issues) are managed at the network level.
编辑:
既然你对此有何评论您正在使用Rackspace公司托管在其他地方,你可能想看看<一个href=\"http://docs.rackspacecloud.com/loadbalancers/api/v1.0/clb-devguide/content/Throttle_Connections-d1e4057.html\"相对=nofollow>他们的负载均衡API 。
Since you comment elsewhere that you are using Rackspace for hosting, you might want to check out their load balancer API.
这篇关于节流在Apache通过IP地址的请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
