Prepare your server to install mod_qos:
# yum install openssl-devel pcre-devel httpd-devel
Download mod_qos
# cd ~root
# wget
"http://downloads.sourceforge.net/project/mod-qos/mod_qos-9.71.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fmod-qos%2Ffiles%2F&ts=1318107337&use_mirror=iweb"
# tar
xvfz mod_qos-9.71.tar.gz
# cd mod_qos-9.71/apache2/
# apxs -i -c mod_qos.c
/usr/lib/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fno-strict-aliasing -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -c -o mod_qos.lo mod_qos.c && touch mod_qos.slo
mod_qos.c:673: warning: 'm_worker_mpm' defined but not used
/usr/lib/apr-1/build/libtool --silent --mode=link gcc -o mod_qos.la -rpath /usr/lib/httpd/modules -module -avoid-version mod_qos.lo
/usr/lib/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib/apr-1/build/libtool' mod_qos.la /usr/lib/httpd/modules
/usr/lib/apr-1/build/libtool --mode=install cp mod_qos.la /usr/lib/httpd/modules/
cp .libs/mod_qos.so /usr/lib/httpd/modules/mod_qos.so
cp .libs/mod_qos.lai /usr/lib/httpd/modules/mod_qos.la
cp .libs/mod_qos.a /usr/lib/httpd/modules/mod_qos.a
chmod 644 /usr/lib/httpd/modules/mod_qos.a
ranlib /usr/lib/httpd/modules/mod_qos.a
PATH="$PATH:/sbin" ldconfig -n /usr/lib/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
/usr/lib/httpd/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib/httpd/modules/mod_qos.so
-bash-3.2#
Open your httpd.conf:
# vi /etc/httpd/conf/httpd.conf
#Put in the line:
LoadModule qos_module /usr/lib/httpd/modules/mod_qos.so
Load configuration:
# vi /etc/httpd/conf.d/qos.conf
Paste these:
## QoS Settings
<IfModule mod_qos.c>
# handles connections from up to 100000 different IPs
QS_ClientEntries 100000
# will allow only 50 connections per IP
QS_SrvMaxConnPerIP 50
# maximum number of active TCP connections is limited to 256
MaxClients 256
# disables keep-alive when 70% of the TCP connections are occupied:
QS_SrvMaxConnClose 70%
# minimum request/response speed (deny slow clients blocking the server, ie. slowloris keeping connections open without requesting anything):
QS_SrvMinDataRate 150 1200
# and limit request header and body (carefull, that limits uploads and post requests too):
# LimitRequestFields 30
# QS_LimitRequestBody 102400
</IfModule>
Restart your apache: # service httpd stop# service httpd start Check the status: http://your-domain/server-status
More detail: http://opensource.adnovum.ch/mod_qos